There is an object injection vulnerability in swfupload plugin for wordpress.
swfupload project swfupload 3.5.2