An exploit has been made publicly available for the WordPress PictPress plugin, affecting versions <= release0.91.

This is a remote file include vulnerability. This means an attacker requires no authentication or action from the blog administrator in order to compromise or gain full access to the blog.

This is a CRITICAL risk issue. It is recommended that you disable this plugin if in use, until a fix has been provided by the plugin developer.

Credits to Gold_M for discovering this vulnerability.

Comments

DK on 20 December, 2007 at 1:32 am

Note: This is likely being exploited in the wild.

