Arbitrary File Upload Vulnerability in N-Media Post Front-end Form
One of the important ways we keep track of the vulnerabilities that exist and have existed in WordPress plugins is by monitoring for apparent hacking attempts against WordPress plugins. We started by monitoring our own websites, but after that monitoring kept turning up new vulnerabilities in the current versions of plugins, we expanded it to include some outside data sources. Through that we found yet another very exploitable vulnerability in the current version of a plugin.
In one of the data sources we monitor, we saw a request for the file /wp-content/plugins/wp-post-frontend/js/plupload-2.1.2/examples/upload.php, which is a part of the plugin N-Media Post Front-end Form. Looking at that file, it would allow uploading arbitrary files to a website, provided that the PHP setting upload_tmp_dir is configured. The ability to exploit this seems to be limited, since the file does not tell you where the uploaded file is located. So unless you could determine that some other way, you wouldn’t be able to access it. If the directory is not web accessible, then you would also need access to a local file inclusion (LFI) vulnerability to be able to exploit it.
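The kind of log monitoring described above can be sketched as follows. This is an added example, not code from the original post or from the plugin. It flags requests for the path named in the post and goes one step further by matching any plugin-bundled examples/upload.php. It assumes access logs in combined log format; the generic pattern, the outcome labels and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Path reported in the post (lowercased for comparison).
KNOWN_PATH = "/wp-content/plugins/wp-post-frontend/js/plupload-2.1.2/examples/upload.php"
# Assumption of this example: any plugin shipping an examples/upload.php is worth flagging.
GENERIC = re.compile(r"^/wp-content/plugins/[^/]+/(?:.+/)?examples/upload\.php$", re.I)
# Combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

def classify(line):
    """Return a finding dict for a request to a bundled upload handler, else None."""
    m = LINE.match(line)
    if not m:
        return None
    ip, when, method, target, status = m.groups()
    # Normalise: drop the query string, decode %-escapes, collapse repeated slashes.
    path = re.sub(r"/{2,}", "/", unquote(target.split("?", 1)[0]))
    if path.lower() == KNOWN_PATH:
        rule = "known-path"
    elif GENERIC.match(path):
        rule = "generic-examples-upload"
    else:
        return None
    # A POST answered with 2xx means the handler exists and ran; a 404 means it was absent.
    if method == "POST" and status.startswith("2"):
        outcome = "handler-ran"
    elif status == "404":
        outcome = "not-found"
    else:
        outcome = "other"
    return {"ip": ip, "time": when, "method": method, "path": path,
            "status": int(status), "rule": rule, "outcome": outcome}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2000:10:01:02 +0000] "GET /wp-content/plugins/wp-post-frontend/js/plupload-2.1.2/examples/upload.php HTTP/1.1" 404 512 "-" "-"',
    '203.0.113.7 - - [01/Jan/2000:10:01:05 +0000] "POST /wp-content/plugins/wp-post-frontend/js/plupload-2.1.2/examples/upload.php HTTP/1.1" 200 64 "-" "-"',
    '198.51.100.9 - - [01/Jan/2000:10:02:00 +0000] "POST /wp-content/plugins/other-plugin/lib/examples/upload%2Ephp?x=1 HTTP/1.1" 200 64 "-" "-"',
    '198.51.100.9 - - [01/Jan/2000:10:03:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```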