wp-admin/options.php in WordPress MU prior to 1.3.2, and WordPress 2.3.2 and previous versions, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wordpress wordpress |
||
wordpress wordpress mu |