← back
CVE-2013-1916

CVE-2013-1916

EPSS 12.1%CWE-434
In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved.
Affected products
n/a · WordPress Plugin User Photo
public PoCs found1
cve_referencewww.exploit-db.com/exploits/16181unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://plugins.trac.wordpress.org/changeset/347137https://wordpress.org/plugins/user-photo/#developershttps://www.exploit-db.com/exploits/16181