Full title: WordPress AIT CSV Import/Export 3.0.3 Shell Upload Exploit 
Category: remote exploits
Platform: php
WordPress AIT CSV Import/Export plugin versions 3.0.3 and below allow unauthenticated remote attackers to upload and execute arbitrary PHP code. The upload-handler does not require authentication, nor validates the uploaded content. It may return an error when attempting to parse a CSV, however the uploaded shell is left. The shell is uploaded to wp-content/uploads/. The plugin is not required to be activated to be exploitable.

# 0day.today @ http://0day.today/