Arbitrary File Upload Vulnerability in Genesis Simple Defaults
One of the things we do to make sure we are providing our customers with the best data on the vulnerabilities that exist and are being exploited in WordPress plugins is to monitor our websites for hacking attempts. Through that we saw a recent request on one of them for the file /wp-content/plugins/genesis-simple-defaults/readme.txt, which indicates that a hacker may be probing for usage of the plugin Genesis Simple Defaults.
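The probing described above (a request for a plugin's readme.txt, which exists only to let an attacker confirm a plugin is installed and read its version) is straightforward to pick out of ordinary web-server access logs. The following Python is an added example, not code from the original post or from Plugin Vulnerabilities: it parses constructed Apache/nginx "combined"-format log lines, collects which plugin slugs each client probed via readme.txt, flags clients that probed more than one plugin (enumeration rather than a single stray request), and then lists the follow-up requests the same client made into a plugin directory it had just probed. Function names, the sample IPs and the log lines are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (Apache/nginx "combined" format); not real traffic.
# Note that a 404 still tells you which plugin the client was looking for.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2021:12:01:03 +0000] "GET /wp-content/plugins/genesis-simple-defaults/readme.txt HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2021:12:01:04 +0000] "GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2021:12:02:10 +0000] "GET /wp-content/plugins/akismet/readme.txt HTTP/1.1" 200 2048 "-" "curl/7.68.0"
198.51.100.9 - - [10/Mar/2021:12:03:00 +0000] "GET /index.php HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2021:12:01:05 +0000] "GET /wp-content/plugins/genesis-simple-defaults/uploadFavicon.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
"""

# Fields we need from a combined-format line: client IP, method, request path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Any path under a plugin directory; "rest" is the file inside that plugin.
PLUGIN_RE = re.compile(r'^/wp-content/plugins/(?P<slug>[A-Za-z0-9_.-]+)/(?P<rest>.+)$')


def parse_line(line):
    """Return the parsed fields of one log line, or None if it is not combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def plugin_request(path):
    """Split a request path into (slug, file) if it points inside a plugin directory."""
    m = PLUGIN_RE.match(path.split("?", 1)[0])  # drop any query string first
    return (m.group("slug"), m.group("rest")) if m else None


def readme_probes(log_text):
    """Map client IP -> sorted list of plugin slugs whose readme.txt it requested."""
    probes = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hit = plugin_request(rec["path"])
        if hit and hit[1] == "readme.txt":
            probes[rec["ip"]].add(hit[0])
    return {ip: sorted(slugs) for ip, slugs in probes.items()}


def flag_enumerators(probes, min_plugins=2):
    """IPs that probed at least min_plugins different plugins: likely a scanner."""
    return sorted(ip for ip, slugs in probes.items() if len(slugs) >= min_plugins)


def plugin_followups(log_text):
    """For each probing IP, the non-readme files it then requested inside plugins it probed.

    This is the interesting part for triage: the file requested after the readme check
    is usually the one the attacker intends to exploit.
    """
    probes = readme_probes(log_text)
    followups = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["ip"] not in probes:
            continue
        hit = plugin_request(rec["path"])
        if hit and hit[1] != "readme.txt" and hit[0] in probes[rec["ip"]]:
            followups[rec["ip"]][hit[0]].append(rec["path"].split("?", 1)[0])
    return {ip: dict(slugs) for ip, slugs in followups.items()}


if __name__ == "__main__":
    probes = readme_probes(SAMPLE_LOG)
    print("readme probes:", probes)
    print("likely scanners:", flag_enumerators(probes))
    print("follow-up requests:", plugin_followups(SAMPLE_LOG))
```

The threshold in `flag_enumerators` is a judgement call: a single readme.txt request can be a legitimate crawler, but a client walking several plugin slugs in quick succession is enumerating, and the paths it requests next in those directories are the files worth auditing first.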
When looking to see if we could find a vulnerability that hackers would be interested in targeting in the plugin, one of the two files with PHP code in the plugin immediately stood out, uploadFavicon.php. Seeing as hackers frequently target arbitrary file upload vulnerabilities, the file's name alone makes it a likely location for one.