Description

WordPress Plugin WP-Syntax is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary PHP code within the context of the affected webserver process. WordPress Plugin WP-Syntax versions 0.9.9 and prior are affected.

Remediation

Update to plugin version 0.9.10 or latest

References

http://www.securityfocus.com/bid/36040/exploit

http://www.exploit-db.com/exploits/9431/

http://secunia.com/advisories/36304/

Related Vulnerabilities

WordPress Plugin WP eCommerce Multiple Vulnerabilities (3.9.1)

WordPress Plugin PICA Photo Gallery 'imgname' Parameter Information Disclosure (1.0)

WordPress Plugin WordPress Sentinel Multiple Vulnerabilities (1.0.0)

WordPress Plugin RSS Post Importer Cross-Site Scripting (2.2.1)

WordPress Plugin Orbit Fox by ThemeIsle Multiple Vulnerabilities (2.10.2)

Severity

High

Classification

CVE-2009-2852 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Tags

Missing Update Code Execution