Nmedia Users File Uploader Plugin for WordPress contains a flaw that allows a remote user to execute arbitrary PHP code. This flaw exists because the wp-content/plugins/nmedia-user-file-uploader/js/uploadify/uploadify.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the user to execute the script.
Remote / Network Access
Loss of Integrity
Upgrade to version 1.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.