Arbitrary File Upload Vulnerability in Adblock Blocker
As we continue to review old third-party data on hacking attempts to identify more vulnerabilities that hackers have likely already discovered in WordPress plugins, we spotted an arbitrary file upload vulnerability in the plugin Adblock Blocker.
Back in February a request was made for the file /wp-content/plugins/addblockblocker/style.css, as part of what looks to be a series of requests looking for usage of plugins. Looking over that plugin for any obvious issues, we found that in the current version of it, 0.0.1, a file upload capability is accessible without being logged in, despite only being intended to be accessed by users logged in as Administrators.
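An added example, not from the original post: a log check for the kind of plugin-usage probing described above. It flags clients that requested files under several distinct plugin directories and lists the slugs that returned 200. The log lines, IP addresses, date, the other plugin slugs and the `min_slugs` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Combined Log Format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# Any request under a plugin directory; the directory name is the slug.
PLUGIN_RE = re.compile(r"^/wp-content/plugins/(?P<slug>[^/?#]+)/")

# Constructed sample lines (documentation IP ranges, made-up date and
# placeholder slugs); only the addblockblocker path comes from the post.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Feb/2000:03:14:01 +0000] "GET /wp-content/plugins/example-plugin-a/style.css HTTP/1.1" 404 512
203.0.113.7 - - [01/Feb/2000:03:14:02 +0000] "GET /wp-content/plugins/addblockblocker/style.css HTTP/1.1" 200 1843
203.0.113.7 - - [01/Feb/2000:03:14:03 +0000] "GET /wp-content/plugins/example-plugin-b/style.css HTTP/1.1" 404 512
198.51.100.20 - - [01/Feb/2000:09:30:10 +0000] "GET / HTTP/1.1" 200 10422
198.51.100.20 - - [01/Feb/2000:09:30:11 +0000] "GET /wp-content/plugins/addblockblocker/style.css HTTP/1.1" 200 1843
"""


def find_plugin_probes(lines, min_slugs=3):
    """Map each client that touched >= min_slugs distinct plugin
    directories to {slug: set of status codes it received}."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in lines:
        entry = LOG_RE.match(line)
        if not entry:
            continue  # skip lines that are not in the expected format
        plugin = PLUGIN_RE.match(entry.group("path"))
        if plugin:
            slug = plugin.group("slug").lower()
            seen[entry.group("ip")][slug].add(int(entry.group("status")))
    return {ip: dict(slugs) for ip, slugs in seen.items()
            if len(slugs) >= min_slugs}


def installed_hits(probes):
    """Slugs for which a probing client received a 200, meaning the
    plugin is present and should be reviewed or removed."""
    return {ip: sorted(s for s, codes in slugs.items() if 200 in codes)
            for ip, slugs in probes.items()}


if __name__ == "__main__":
    probes = find_plugin_probes(SAMPLE_LOG.splitlines())
    print(installed_hits(probes))
```

A single request for one plugin's stylesheet is normal page-load traffic, which is why the check keys on the number of distinct plugin directories per client rather than on any one path.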