Ashiyane DST Discover WordPress Userpro Remote File Upload Bug
Userpro Wordpress Userpro Remote File Upload
Security researchers at Iranian team Ashiyane Digital Security Team have discover remote file upload vulnerability in Wordpress -Google Dork: inurl:/wp-content/plugins/userpro/- Vulnerability risk is rated as high by cxsecurity.com
This module -requires using Metasploit- exploits an arbitrary PHP code upload in the wordpress Ifileupload plugin The vulnerability allows for unauthorization file upload and remote code execution.
Link: https://cxsecurity.com/issue/WLB-2016100199
Exploit is make by: T3rm!nat0r5
All vulns find by Ashiyane: https://cxsecurity.com/search/author/DESC/AND/FIND/0/10/Ashiyane+Digital+Security+Team/
T3rm!nat0r5 contact: [email protected]
Ashiyane home: http://ashiyane.org/