07 Jun

Arbitrary File Upload Vulnerability in Homepage SlideShow

The Homepage SlideShow plugin has an arbitrary file upload vulnerability (as well as a persistent cross-site scripting (XSS) vulnerability and possibly other security issues) as of version 2.3. The details of the underlying issue that causes this can be found in our post for a vulnerability in the plugin Vertical Slideshow, which shares the same vulnerable code.

[Read more]