WordPress Plugin Vulnerabilities

Barclaycart - Unauthenticated Shell Upload

Description

The Barclaycart WordPress plugin was found to be vulnerable to an Unauthenticated Shell Upload security vulnerability, due to using a vulnerable version of the third-party uploadify dependency.

This issue has been seen exploited in the wild.

Proof of Concept

Affects Plugins

Plugin icon
barclaycart
No known fix

References

URL
https://packetstormsecurity.com/files/#125552/

Miscellaneous

Original Researcher
eX-Sh1Ne
Verified
No
WPVDB ID
5c143d20-267f-4fd3-afaa-a0892a8fcb9f

Timeline

Publicly Published
2014-03-05 (about 12 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-10-28 (about 5 years ago)

Other

Published
Title
Published
2015-04-04
Title
Work The Flow File Upload <= 2.5.2 - Shell Upload
Published
2024-09-25
Title
Bit Form – Contact Form Plugin < 2.13.11 - Authenticated (Administrator+) Arbitrary File Upload
Published
2023-12-12
Title
Greenshift – animation and page builder blocks < 7.6.3 - Authenticated (Administrator+) Arbitrary File Upload
Published
2024-12-18
Title
WP SuperBackup < 2.4 - Unauthenticated Arbitrary File Upload
Published
2025-07-04
Title
Bulk Featured Image <= 1.2.2 - Authenticated (Admin+) Arbitrary File Upload