Description
WordPress Plugin Ruben Boelinger wordTube is prone to multiple remote file include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible. WordPress Plugin Ruben Boelinger wordTube version 1.43 is vulnerable; other versions may also be affected.
Remediation
Update to plugin version 1.44 or latest
References
http://www.securityfocus.com/bid/23737/exploit
http://www.securityfocus.com/archive/1/467362
Related Vulnerabilities
WordPress Plugin All Video Gallery 'vid' Parameter Multiple SQL Injection Vulnerabilities (1.1)
WordPress Plugin Convert Docx2post Arbitrary File Upload (1.4)
WordPress 2.9.1 Trashed Posts Security Bypass Vulnerability (2.9 - 2.9.1)
WordPress Plugin WordPress File Upload Multiple Vulnerabilities (2.7.6)