header-logo
Suggest Exploit
vendor:
Rich WidgetPlugin for WordPress
by:
SecurityFocus
8,8
CVSS
HIGH
Arbitrary File-Upload
264
CWE
Product Name: Rich WidgetPlugin for WordPress
Affected Version From: Rich WidgetPlugin for WordPress
Affected Version To: Rich WidgetPlugin for WordPress
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

Rich WidgetPlugin for WordPress Arbitrary File-Upload Vulnerability

The Rich WidgetPlugin for WordPress is prone to an arbitrary file-upload vulnerability. An attacker can exploit this issue to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Mitigation:

Restrict access to the vulnerable filemanager/connectors/test.html page.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/55174/info

The Rich WidgetPlugin for WordPress is prone to an arbitrary file-upload vulnerability.

An attacker can exploit this issue to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. 

http://www.example.com/wp-content/plugins/rich-widget/fckeditor/editor/filemanager/connectors/test.html