CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution

[Henri Salo <henri () nerv fi>]

Can we assign CVE-identifier for this security vulnerability, thanks.

http://osvdb.org/show/osvdb/78479
http://www.securityfocus.com/bid/51638
http://secunia.com/advisories/47688/
http://www.exploit-db.com/exploits/18412/

Plugin is disabled in WordPress (doesn't show up in http://wordpress.org/extend/plugins/), but SVN can be found from 
here: http://plugins.svn.wordpress.org/kish-guest-posting/trunk/

File http://plugins.svn.wordpress.org/kish-guest-posting/trunk/readme.txt says:

"""
= 1.2 =
security update for Uploadify Script
"""

But I haven't tested (yet) if that is valid fix for the vulnerability.

- Henri Salo