Ashiyane DST Discover WordPress Userpro Remote File Upload Bug

Userpro Wordpress Userpro Remote File Upload

Security researchers at Iranian team Ashiyane Digital Security Team have discover remote file upload vulnerability in Wordpress -Google Dork: inurl:/wp-content/plugins/userpro/- Vulnerability risk is rated as high by cxsecurity.com

This module -requires using Metasploit- exploits an arbitrary PHP code upload in the wordpress Ifileupload plugin The vulnerability allows for unauthorization file upload and remote code execution.

Link: https://cxsecurity.com/issue/WLB-2016100199

Exploit is make by: T3rm!nat0r5

All vulns find by Ashiyane: https://cxsecurity.com/search/author/DESC/AND/FIND/0/10/Ashiyane+Digital+Security+Team/

T3rm!nat0r5 contact: [email protected]
Ashiyane home: http://ashiyane.org/

Leave a Reply

Your email address will not be published. Required fields are marked *