Description
WordPress Plugin AccessAlly is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary PHP code within the context of the affected webserver process. WordPress Plugin AccessAlly version 3.3.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.3.2 or latest
References
Related Vulnerabilities
WordPress Plugin Poll Maker SQL Injection (3.4.1)
WordPress Plugin Advance Categorizer Cross-Site Scripting (0.3)
OpenSSL Resource Management Errors Vulnerability (CVE-2016-2179)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0046)
Oracle Database Server CVE-2008-1819 Vulnerability (CVE-2008-1819)