Omni Secure Files 0.1.13 - Unauthenticated Arbitrary File Upload



Description
This plugin came with the vulnerable plupload library and has been seen exploited in the wild.
Proof of Concept
The vulnerable file is:

http://www.example.com/wp-content/plugins/omni-secure-files/plupload/examples/upload.php

Affects Plugin

no known fix
- plugin closed

References

ExploitDB 19009
SecurityFocus 53872

Classification

Type UPLOAD
CWE CWE-434

Miscellaneous

Original Researcher Adrien Thierry
Views 6326
Verified No
WPVDB ID 6213

Timeline

Publicly Published 2012-06-07 (about 8 years ago)
Added 2014-08-01 (almost 6 years ago)
Last Updated 2020-03-02 (4 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin