Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » WordPress Symposium plug-in plagued by file upload vulnerability

WordPress Symposium plug-in plagued by file upload vulnerability

2014/12/31

Threatpost - (International) Researchers with Trustwave SpiderLabs and Sucuri discovered and have been monitoring a number of exploit attempts in their honeypot and scans for a vulnerability in WordPress Symposium and the public availability of proof-of-concept exploit code that allows an attacker to upload files without authentication to sites running Symposium. Researchers found the latest versions of WordPress Symposium from both the WordPress Web site and the WPSymposium site were still vulnerable and the company announced the plug-in was downloaded more than 150,000 times.

Source: http://threatpost.com/wordpress-symposium-plug-in-plagued-by-file-upload-vulnerability/110166

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:22:59