A vulnerability in the popular third-party plugin 1 Flash Gallery has been identified by multiple independent sources. The vulnerability allows attackers to perform an arbitrary file upload (usually a malicious PHP script or the like), which can then be used to perform various undesirable actions from the victim’s server (typically serving as a spam email relay). An attack string looks something like this:
The problem occurs because the plugin fails to adequately validate the files submitted for upload (it should only allow images). The vulnerability is present in versions 1.30 through 1.5.7. Version 1.5.8 is available from the Official WordPress Plugin Directory. Immediate update is recommended. If this is not possible, you may want to consider removing or otherwise thoroughly disabling the plugin until you can address the issue.
Users may also wish to review their server access logs for a string resembling the one above, as well as for any unusual activity (the mail log is a good place to check for subsequent exploits).
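The validation described above as missing (uploads should only allow images) can be sketched as follows. This is an added example, not code from the plugin or its 1.5.8 fix; the function name `safe_image_name`, the allowlist and the sample files are assumptions made for illustration, and the PHP `fileinfo` extension is assumed to be available.

```php
<?php
// Added example: server-side, image-only validation for an upload handler.
// Names and the allowlist are illustrative, not taken from the plugin.

const ALLOWED_IMAGES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Returns a server-generated file name when the upload is an allowed image,
 * or null when it must be rejected.
 */
function safe_image_name(string $tmpPath, string $clientName): ?string
{
    // 1. The extension must be on the server-side allowlist.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_IMAGES)) {
        return null;
    }
    // 2. The type sniffed from the file's bytes must match the extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED_IMAGES[$ext]) {
        return null;
    }
    // 3. The file must parse as an image at all.
    if (@getimagesize($tmpPath) === false) {
        return null;
    }
    // 4. Discard the client's file name so it cannot pick the stored name.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs: a harmless PHP script and a minimal GIF header.
$script = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($script, "<?php echo 'hi';");
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");

var_dump(safe_image_name($script, 'photo.php')); // script, script extension
var_dump(safe_image_name($script, 'photo.jpg')); // script, image extension
var_dump(safe_image_name($gif, 'photo.gif'));    // image, image extension
unlink($script);
unlink($gif);
```

In a real handler the two arguments come from the `tmp_name` and `name` fields of the `$_FILES` entry, and the file is moved with `move_uploaded_file()` only after a name is returned.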
I'm the front-man of It's WordPress. I come from a diverse array of backgrounds, enjoying the opportunity to expand my knowledge base and skill set by re-inventing myself. I enjoy environments that focus on emerging information, technology and concepts. I put on the technical hat in my early 20s and never really looked back. I love technology and the internet, as well as the outdoors, and avidly hike, kayak and camp every chance I get.