After discovering an arbitrary file upload vulnerability in the plugin N-Media Post Front-end Form recently, we took a look at other plugins from the same developer and found that three other shared same the same vulnerable code. One of those is Front end file upload and manager Plugin.

In the case of this plugin, the developer had actually tried to restrict what kind of files could be uploaded, unlike the other plugin: [Read more]