WordPress Recip.ly plugin's "uploadImage.php" parameter is prone to a vulnerability which allows attackers to upload arbitrary files. This is because it fails to adequately clean up user-supplied input. In this way, the attackers can use this vulnerability to upload an arbitrary code and then run it in the context of the webserver process.
Update the plugin.
Found a vulnerability that puts your sites at risk?