07 Jun

Arbitrary File Upload Vulnerability in Image News slider

The Image News slider plugin has an arbitrary file upload vulnerability (as well as a persistent cross-site scripting (XSS) vulnerability and possibly other security issues) as of version 3.5. The details of the underlying issue that causes this can be found in our post for a vulnerability in the plugin Vertical Slideshow, which shares the same vulnerable code. Proof [Read more]