WordPress Video Embed & Thumbnail Generator Plugin Multiple Remote Code Execution Vulnerabilities

Bugtraq ID:	52180
Class:	Input Validation Error
CVE:	CVE-2012-1785
Remote:	Yes
Local:	No
Published:	Feb 27 2012 12:00AM
Updated:	Mar 19 2015 07:35AM
Credit:	Reported by the vendor
Vulnerable:	WordPress Video Embed & Thumbnail Generator 1.1
Not Vulnerable:	WordPress Video Embed & Thumbnail Generator 2.0

WordPress Video Embed & Thumbnail Generator Plugin Multiple Remote Code Execution Vulnerabilities

Video Embed & Thumbnail Generator for WordPress is prone to multiple remote code-execution vulnerabilities.

Attackers can exploit this issue to execute arbitrary code within the context of the affected webserver process.

Video Embed & Thumbnail Generator 1.1 is vulnerable. Other versions may also be affected.

WordPress Video Embed & Thumbnail Generator Plugin Multiple Remote Code Execution Vulnerabilities

Currently we are not aware of any exploits. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].

WordPress Video Embed & Thumbnail Generator Plugin Multiple Remote Code Execution Vulnerabilities

Solution:
Updates are available. Please see the references for more information.

WordPress Video Embed & Thumbnail Generator Plugin Multiple Remote Code Execution Vulnerabilities

References:

• Omni Secure Files Plugin Homepage (Wordpress)
  
• Video Embed & Thumbnail Generator Homepage (WordPress)