11 Jul

Old Vulnerability Report: Arbitrary File Upload Vulnerability in PitchPrint

One of the things that we recently started doing to better keep track of the  plugin vulnerabilities out there is to monitor third party data on hacking attempts. That sometimes leads us to finding what looks to be exploitation of vulnerabilities that a hacker has just discovered in the current version of a plugin. In other cases it shows old vulnerabilities that hackers are still trying to exploit. We have recently spotted an attempt to exploit an arbitrary file upload vulnerability in older versions of the plugin PitchPrint. We couldn’t find a page that clearly described the issue to link to for our data on the vulnerability, so here are the details.

[Read more]