My site was hacked and the plugin was the entryway for a JavaScript upload. I did update to 0.71, but not before the hack, unfortunately. I missed the update.
Description:
A vulnerability has been discovered in the Easy Comment Uploads plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to the wp-content/plugins/easy-comment-uploads/upload.php script not properly verifying uploaded file types. This can be exploited to upload a PHTML file and execute arbitrary PHP code.
Here is the advisory link: http://secunia.com/advisories/45959/
I have the script that was uploaded if anyone wants to see it.
It’s a great plugin for uploading pics! I have been hacked 2 times so far by using it on the prior version. I hope VER 0.71 will correct this. I am still running the plugin. I will know soon enough.
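A post-incident sweep for the kind of file the advisory describes, as an added example that is not code from the plugin, the advisory or the poster: it flags files in an upload directory that carry a PHP-executable extension, whose leading bytes do not match their image extension, or that contain a PHP open tag. The extension list beyond `.phtml`, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# ".phtml" is the extension named in the advisory; the rest of this set is an assumption.
EXEC_EXTS = {"php", "php3", "php4", "php5", "phtml", "pht", "phar"}
# Leading bytes expected for the image types a picture uploader should accept.
MAGIC = {"jpg": (b"\xff\xd8\xff",), "jpeg": (b"\xff\xd8\xff",),
         "png": (b"\x89PNG\r\n\x1a\n",), "gif": (b"GIF87a", b"GIF89a")}

def classify(name, data):
    """Return the reasons a file is suspicious; an empty list means no finding."""
    exts = name.lower().split(".")[1:]
    # Check every extension, not only the last: some servers honour "x.php.gif".
    reasons = ["executable extension ." + e for e in exts if e in EXEC_EXTS]
    last = exts[-1] if exts else ""
    if last in MAGIC and not data.startswith(MAGIC[last]):
        reasons.append("content is not a ." + last + " image")
    if b"<?php" in data.lower():
        reasons.append("contains PHP open tag")
    return reasons

def scan(root, head=65536):
    """Walk root and map relative path -> reasons for every flagged file."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(folder, fname)
            with open(path, "rb") as fh:
                reasons = classify(fname, fh.read(head))
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings

def demo():
    """Scan a throwaway directory of constructed sample files."""
    samples = {
        "cat.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "notes.phtml": b"<?php echo 'constructed sample'; ?>",
        "pic.php.gif": b"GIF89a<?PHP echo 1; ?>",
        "fake.png": b"plain text, not an image",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)

if __name__ == "__main__":
    print("\n".join(f"{p}: {r}" for p, r in sorted(demo().items())))
```

Point `scan()` at the directory the plugin writes uploads to; only the first 64 KiB of each file is read, so a tag buried deeper in a large file is not seen.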