I run a few WordPress sites (this is one of them) and today have seen several attacks coming in (all bouncing off the firewall).
The latest seems to be attacking a vulnerability in a WordPress plugin called Front End Upload. The URL people are hitting is /wp-content/plugins/front-end-upload/upload.php
Front End Upload requires WordPress 3.2 or higher, so is likely to be on relatively up to date blogs. It has been downloaded 9460 times so far, so is being used a fair amount too.
On the WordPress site they do warn “Uploading files should be considered risky“.
Front End Upload allows you to create an upload page on your site by simply adding [front-end-upload] to a page. The uploader will appear when the page is published.
Version 0.5.4.3 and 0.5.4
The latest versions may be secure, as on the changelog it says
0.5.4.3 – Additional security precautions to better validate submissions to upload.php
0.5.4 – Fixed a security threat that allowed for potential code execution. Upgrade right away. This was not an issue in Front End Upload Pro.
These current attacks may be attempting to exploit older versions. Upgrade, or if in doubt, disable until the develop confirms that the latest version is not being exploited.
Update – Security Focus
Just found this on http://securityfocus.com/bid/54655/discuss:
Front End Upload plugin is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.
An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.
Front End Upload 0.5.4.4 is vulnerable; other versions may also be affected.
In my cases files with names iwoxiek.php and similar files names were tried. The latest version is 0.5.4.6. I have no idea if this is safe or not!