WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460)

2014-09-01 Thread jesus . ramirez . pichardo
WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability.

Vendor Homepage: http://tribulant.com/
Software: Slideshow Gallery
Version: 1.4.6
Software Link: http://downloads.wordpress.org/plugin/slideshow-gallery.1.4.6.zip
Tested on: Windows 7 OS, WordPress

WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460)

2014-09-01 Thread jesus . ramirez . pichardo
I found a serious security vulnerability in the Slideshow Gallery plugin. This bug allows an attacker to upload any PHP file remotely to the vulnerable website (administrator by default). I have tested and verified that having the current version