WordPress Exploit: Over 10000 Sites Can Get Hacked! Protect Your WordPress Site And Hosting Account
Hackers can get access to your hosting if they upload a c99shell (I know that PHP files are not available for "easy comment uploads", but the hacker can just rename the c99shell.php to c99shell.php.gif and get access.)
I searched on Google and found a random site to demonstrate this vulnerability:
www(dot)waikatospca.org.nz/wp-content/uploads/2012/03/warrioirforum.gif (this is just a normal .gif image)
There are thousands of WordPress blogs still vulnerable to this attack. The vulnerability can be fixed by updating the WordPress easy comments plugin to version 0.71.
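A defender-side check for the renamed-shell upload described in the post, as an added example that is not part of the original post or the plugin's code: it flags files under an uploads directory whose name carries a PHP extension in any position, whose bytes do not match their image extension, or which contain a PHP open tag. The extension list, the function names and the default `wp-content/uploads` path are assumptions.

```python
import os
import re
import sys

# Extensions a server may hand to PHP (assumed list; match it to your own config).
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.IGNORECASE)
# Leading bytes of the image types a comment-upload feature normally accepts.
IMAGE_MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}

def check_upload(name, data):
    """Return the reasons an uploaded file looks unsafe (empty list = no finding)."""
    reasons = []
    # "c99shell.php.gif" still carries ".php" even though the last extension is ".gif".
    if PHP_EXT.search(name):
        reasons.append("php extension in file name")
    magic = IMAGE_MAGIC.get(os.path.splitext(name)[1].lower())
    if magic and not data.startswith(magic):
        reasons.append("content does not match image extension")
    # Scan the whole file: script code can follow a valid image header.
    if b"<?php" in data.lower():
        reasons.append("php open tag in content")
    return reasons

def scan_uploads(root):
    """Walk an uploads tree and return [(path, reasons)] for every flagged file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            reasons = check_upload(fname, data)
            if reasons:
                findings.append((path, reasons))
    return findings

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "wp-content/uploads"
    for path, reasons in scan_uploads(root):
        print(path, "->", "; ".join(reasons))
```

The same `check_upload` logic can be applied at upload time to reject a file before it is written to disk.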