Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:PHP:WP-MRKPLC-UPLOADIFY

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 WP Marketplace Plugin uploadify.php Arbitrary File Upload

Release Date

 2012/06/27

Update Number

 2156

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: WP Marketplace Plugin uploadify.php Arbitrary File Upload


This signature detects attempts to exploit a known vulnerability against WordPress WP Marketplace Plugin. A successful attack can lead to the upload of an arbitrary file.

Extended Description

The WP Marketplace plug-in for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. WP Marketplace 1.5.0 through versions 1.6.1 are vulnerable.

Affected Products

  • WordPress WP Marketplace Plugin 1.5.0
  • WordPress WP Marketplace Plugin 1.6.1

References

  • BugTraq: 53789
  • URL: http://wordpress.org/extend/plugins/wpmarketplace/
  • URL: http://wordpress.org/extend/plugins/email-newsletter/

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out