Security Researchers have discovered a vulnerability in SB Uploader Plugin WordPress. Vulnerability is confirmed with WordPress SB Uploader Version 3.2 and other previous versions may also be affected. We strongly advise you to immediately upgrade the plugin to its new version 3.3.
|SB Uploader Plugin Description||The Plugin provides facility to upload an image can be done on the same page as the Post/Page editor and there is no separate upload button, just the Save/Publish Post/Page button as normal.|
|Plugin Ownership||Sean Barton|
|Version(s) Affected||3.2 and previous versions may also be affected.|
|Plugin Download||Plugin Download Page|
|Vulnerability Description||The issue is due to the ‘wp-content/plugins/sb-uploader/sb_uploader.php’ script not verifying uploaded files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.|
|Impact||Self hosted WordPress Blogs.|
|Solution||Upgrade to version 3.3|