The Carousel slideshow plugin has an arbitrary file upload vulnerability (as well as a persistent cross-site scripting (XSS) vulnerability and possibly other security issues) as of version 3.11. The details of the underlying issue that causes this can be found inour post for a vulnerability in the plugin Vertical Slideshow, which shares the same vulnerable code.

Proof of Concept

The following proof of concept will create a new category in the plugin, with the selected file as the Category Image. If there are no pre-existing categories the uploaded file will be located in the directory /wp-content/uploads/carousel/1_uploadfolder/big/. [Read more]