SalvusAlert : WordPress Plugin Kish Guest Post vulnerability

Summary: The plugin “Guest Post” is vulnerable to unauthorized uploads
Salvus Alerting
Information At A Glance
Source: n0b0d13s
Version/Dependency: 1.0
Developer: kishpress.com
Severity: CRITICAL

  • Summary
The Kish Guest Posting Plugin 1.0 for WordPress (uploadify.php) contains an unrestricted file upload vulnerability.
The script does not properly restrict access to its upload functionality, so an attacker could upload malicious files. Additionally, a public exploit has been made available for this.
  • Fix
This plugin is not currently listed on the WordPress.org plugin site. We recommend that you either disable it until it can be fixed and contact the developer for a patch, or edit the code and make the necessary changes.
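One shape the "necessary changes" could take, as an added example that is not the plugin's code or the reporter's: a WordPress upload handler that checks the caller, the request and the file type before storing anything. The action and nonce name kgp_upload, the function name, the Filedata field name and the images-only policy are assumptions.

```php
<?php
// Added example, not the plugin's code. Hypothetical names: the AJAX action and
// nonce "kgp_upload", the function kgp_example_upload(), the field "Filedata".
// Assumes uploads should be limited to logged-in users and to image files.

// Registered for logged-in users only: with no wp_ajax_nopriv_ hook,
// anonymous requests never reach the handler.
add_action( 'wp_ajax_kgp_upload', 'kgp_example_upload' );

function kgp_example_upload() {
    // 1. Access control: the caller must be allowed to upload files.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'Not allowed to upload.', 403 );
    }
    // 2. CSRF: the request must carry a nonce issued for this action.
    check_ajax_referer( 'kgp_upload', 'nonce' );

    if ( empty( $_FILES['Filedata'] ) || UPLOAD_ERR_OK !== $_FILES['Filedata']['error'] ) {
        wp_send_json_error( 'No file received.', 400 );
    }
    $file = $_FILES['Filedata'];

    // 3. Allowlist: only these extensions, and the content must match.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    );
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'File type not allowed.', 415 );
    }

    // 4. Storage: WordPress picks the directory and a sanitized, unique name
    //    instead of trusting a client-supplied path or filename.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }
    wp_send_json_success( array( 'url' => $result['url'] ) );
}
```

This only helps if the original standalone uploadify.php is removed or blocked, since a script left reachable by direct request bypasses these checks.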
  • Source
Reported by n0b0d13s

Disclaimer: Salvus Alerting provides timely industry related information to its subscriber community and visitors for informational purposes only and makes every effort to distribute accurate and reliable information. Any information provided is considered “as-is” and the subscriber and/or visitor assumes all responsibility for its uses. Salvus Alerting disclaims all warranties with regard to the information being provided, including all implied warranties of merchantability and fitness. In no event shall Salvus Alerting be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other legal action, arising out of or in connection with the use or performance of this information being provided. Salvus Systems and Salvus Alerting are wholly owned and operated by FactNgN, LLC.