WP User Frontend [Unrestricted File Upload]


WordPress plugin WP User Frontend suffers from an unrestricted file uploade vulnerability. An attacker can exploit the wpuf_file_upload or
wpuf_insert_image actions to upload any file which pass the WordPress mime and size checks.

The attack does not require any privilege to be performed. The mentioned actions are available to non-privileged users also, thus allowing to anyone uploading files to the web server.