Title: Remote file Upload for BlogChat System WP Plugin
Author: Larry W. Cashdollar
Date: 4/20/2015
Download: https://wordpress.org/plugins/blogchat-chat-system/

Vulnerability:
wp-content/plugins/blogchat-chat-system/html/Upload.php doesn't check that a user is authenticated before allowing arbitrary image file uploads. If the remote server is not configured to handle certain image extensions, it is possible that these image files contain malicious code that will be passed to the PHP interpreter.

$extension = strtolower($extension);
//if it is not a known extension, we will suppose it is an error and will not upload the file,
//otherwise we will do more tests
if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) {
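The checks the advisory finds missing or insufficient, written out as a hardened upload decision. This is an added example, not code from the plugin or its author; `check_upload`, `verdict`, `ALLOWED_TYPES` and the sample files are hypothetical and constructed for illustration.

```php
<?php
// Added example; all names are hypothetical, none come from the plugin.
const ALLOWED_TYPES = [ // detected image type => extension assigned on disk
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
    IMAGETYPE_GIF  => 'gif',
];

function verdict(bool $ok, string $reason, ?string $name = null): array
{
    return ['ok' => $ok, 'reason' => $reason, 'name' => $name];
}

// Decide whether an upload may be stored, and under which server-chosen name.
function check_upload(bool $isAuthenticated, string $clientName, string $tmpPath): array
{
    // 1. Authentication first. In WordPress the caller could pass
    //    is_user_logged_in() && current_user_can('upload_files').
    if (!$isAuthenticated) {
        return verdict(false, 'not authenticated');
    }
    // 2. Extension allowlist, the same intent as the plugin's comparison chain.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    $ext = ($ext === 'jpeg') ? 'jpg' : $ext;
    if (!in_array($ext, ALLOWED_TYPES, true)) {
        return verdict(false, 'extension not allowed');
    }
    // 3. The bytes must parse as the image type the extension claims.
    $info = @getimagesize($tmpPath);
    if ($info === false || (ALLOWED_TYPES[$info[2]] ?? null) !== $ext) {
        return verdict(false, 'content is not a matching image');
    }
    // 4. Store under a random name, in a directory where the web server
    //    serves files statically and never hands them to PHP.
    return verdict(true, 'accepted', bin2hex(random_bytes(16)) . '.' . $ext);
}

// Constructed sample input: a minimal 1x1 GIF and a text file that is not an image.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
    . "\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3b");
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, 'constructed placeholder, not image data');
$cases = [[false, 'a.gif', $gif], [true, 'a.php', $gif], [true, 'a.gif', $txt], [true, 'a.jpeg', $gif], [true, 'a.gif', $gif]];
foreach ($cases as $c) {
    printf("%-4s %-7s => %s\n", $c[0] ? 'auth' : 'anon', $c[1], check_upload(...$c)['reason']);
}
unlink($gif);
unlink($txt);
```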