WordPress Lazy SEO plugin version 1.1.9 suffers from a remote shell upload vulnerability. Note that this advisory has site-specific information.
7e6392b31a7cf6905f01765ca48cb4eced37d1b642177cdae03946cf58c2ba14
#######################################################################
# Exploit Title : Wordpress Lazy SEO plugin Shell Upload Vulnerability
#
# Exploit Author : Ashiyane Digital Security Team
#
# Google Dork: : inurl:/wp-content/plugins/lazy-seo/
#
# Date: 2013/09/21
#
# Vendor Homepage : http://wordpress.org/plugins/lazy-seo
#
# Software Link : http://downloads.wordpress.org/plugin/lazy-seo.1.1.9.zip
#
# Version : 1.1.9
#
# Tested on: Windows
#
##############
#
#Location: Site/wp-content/plugins/lazy-seo/lazyseo.php
#
##############
#1.Go to address : Site/wp-content/plugins/lazy-seo/lazyseo.php
#2.Click on Browse...
#3.Select Shell Code
#3.Complete the fields
#4.Press Enter
#5.Shell Address : wp-content/plugins/lazy-seo/Shell.php
##############
# Demo:
#
# http://www.discomaximus.com/wp-content/plugins/lazy-seo/lazyseo.php
#
# http://noteclosing.com/wp-content/plugins/lazy-seo/lazyseo.php
##############
#
# Discovered By : ACC3SS
#
##############