1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: WordPress Password Reset Attempt

Attack: WordPress Password Reset Attempt

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a file upload vulnerability in WordPress Symposium plugin.

Additional Information

WP Symposium is a plugin for the Wordpress content management application.

The plugin is prone to multiple vulnerabilities that lets attackers upload arbitrary files. Specifically, these issues affect the 'wp-symposium/server/php/index.php' and 'wp-symposium/server/php/UploadHandler.php' scripts.

An attacker may leverage these issues to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.

WP Symposium 14.11 is vulnerable; other versions may also be affected.

Affected

  • WP Symposium 14.11 is vulnerable; other versions may also be affected.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube