Product Description:
Ultimate Product Catalog plugin is designed to help WordPress site administrators display products quickly and easily in an attractive and customizable layout, making your catalogue easy to browse, sort and update with categories, sub-categories, and tags.
Vulnerability Summary:
Severity: Critical
Class: Unauthenticated Arbitrary File Upload
Remote: Yes
Vulnerable: WordPress Ultimate Product Catalogue Plugin 3.1.1 (and previous versions)
Credit: Luca Ercoli
http://blog.seeweb.it/wordpress-ultimate-product-catalogue-vulnerability
Vulnerability Description:
The vulnerability occurs due to the use of user-supplied input without proper validation. By sending a specially-crafted HTTP POST request, a remote unauthenticated attacker can exploit this issue to upload an arbitrary file and execute it in the context of the webserver process.
Full disclosure and a proof-of-concept (PoC) exploit at:
http://blog.seeweb.it/wordpress-ultimate-product-catalogue-vulnerability
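As an added illustration written for this advisory (not the plugin's own code, which is not shown here), the following WordPress AJAX handler carries the checks whose absence produces the bug class described above: it is registered for authenticated requests only, requires a capability and a nonce, validates the file against an image allowlist, and discards the client-supplied file name. The hook and function names carrying the upc_ prefix are hypothetical.

```php
<?php
// Added example, not the plugin's code. Names with the upc_ prefix are hypothetical.
require_once ABSPATH . 'wp-admin/includes/file.php';

// Registering only wp_ajax_ (and not wp_ajax_nopriv_) means WordPress never routes
// anonymous requests to this handler, so the endpoint cannot be reached unauthenticated.
add_action( 'wp_ajax_upc_upload_image', 'upc_handle_upload' );

function upc_handle_upload() {
    // Capability check: being logged in is not enough; require upload_files.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // CSRF check: the nonce must have been issued for this action to this user.
    check_ajax_referer( 'upc_upload_image', 'nonce' );

    if ( empty( $_FILES['upc_file'] ) || ! is_uploaded_file( $_FILES['upc_file']['tmp_name'] ) ) {
        wp_send_json_error( 'no file', 400 );
    }
    $file = $_FILES['upc_file'];

    // Allowlist of image types; both the file name and the content are checked against it.
    $allowed = array( 'jpg|jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif' );
    $check   = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'file type not allowed', 415 );
    }
    // Reject anything that is not a parsable image even if the extension looks right.
    if ( false === getimagesize( $file['tmp_name'] ) ) {
        wp_send_json_error( 'not an image', 415 );
    }
    // Discard the client-supplied name; store under a random name with the verified extension.
    $file['name'] = wp_generate_password( 16, false ) . '.' . $check['ext'];

    // wp_handle_upload() moves the file into the uploads directory, applying WordPress's own
    // MIME checks again; test_form is false because this is an AJAX request, not a form post.
    $result = wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 500 );
    }
    wp_send_json_success( array( 'url' => $result['url'] ) );
}
```

Uploads that pass these checks still land in a directory the webserver should not execute scripts from, so pairing the handler with a server rule that disables PHP execution under wp-content/uploads is the usual second layer.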
Vendor Response:
According to the vendor, a software version that fixes the vulnerability found has been released and is available for download.