The Blaze Slideshow plugin has an arbitrary file upload vulnerability (as well as a persistent cross-site scripting (XSS) vulnerability and possibly other security issues) as of version 2.7. The details of the underlying issue that causes this can be found in our post for a vulnerability in the plugin Vertical Slideshow, which shares the same vulnerable code.

Proof of Concept

The following proof of concept will create a new category in the plugin, with the selected file as the Category Image. If there are no pre-existing categories the uploaded file will be located in the directory /wp-content/uploads/blaze/1_uploadfolder/big/. [Read more]