WordPress CK-And-SyntaxHighLighter Arbitrary File Upload

Hekt0r, a member of Iran Security Group, has announced the discovery of a vulnerability: "WordPress ck-and-syntaxhighlighter Plugin Remote File Upload vulnerability".

Remote File Inclusion allows an attacker to include a remote file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation.

SyntaxHighlighter is a fully functional, self-contained code syntax highlighter written in JavaScript. This vulnerability is rated high risk by CVE.

According to the software's website, http://wordpress.org/plugins/ck-and-syntaxhighlighter/, the CK and SyntaxHighlighter plugin has not been updated since 2011.

