Vigil@nce - WordPress Custom Content Type Manager: code execution
July 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use a vulnerability of WordPress Custom Content
Type Manager, in order to execute code.
Impacted products: WordPress Plugins
Severity: 1/4
Creation date: 06/07/2015
DESCRIPTION OF THE VULNERABILITY
The Custom Content Type Manager plugin can be installed on
WordPress.
However, an administrator can achieve arbitrary PHP remote code
execution.
An attacker can therefore make WordPress Custom Content Type
Manager run arbitrary PHP code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/WordPress-Custom-Content-Type-Manager-code-execution-17309