[FD] Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0

Title: Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0 Vulnerability Date: 2017-02-27 Download: http://ift.tt/2cVeXTd Vendor: http://ift.tt/2misg41 Notified: 2017-02-27 Description: Mobile App WordPress plugin lets you turn your website into a full-featured mobile application in minutes using Mobile App Builder. Vulnerability: The code in file ./zen-mobile-app-native/server/images.php doesn't require authentication or check that the user is allowed to upload content. It also doesn't sanitize the file upload against executable code.