WordPress CK-And-SyntaxHighLighter Arbitrary File Upload
Announce finding by Hekt0r – member of Iran Security Group- of discovering vulnerability -Wordpress ck-and-syntaxhighlighter Plugin Remote File Upload vulnerability-
Remote File Inclusion allows an attacker to include a remote file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation.
SyntaxHighlighter is fully functional self-contained code syntax highlighter in JavaScript. This vulnerability rated high risk by CVE.
According to website of software http://wordpress.org/plugins/ck-and-syntaxhighlighter/ the CK and SyntaxHighlighter plugin has not had update since 2011.