WordPress relies mostly on name-based file validation when deciding whether or not to allow uploading a particular file. This leaves the door open for various kinds of attacks.
There are security issues related to how WordPress handles file uploads. You need content-based validation and sanitizing to make sure that files are what they say they are and are safe for inclusion on your website.
To fix that, we are using the “Lord of the Files: Enhanced Upload Security” plugin, also called “blob mimes”. Install this plugin and forget it. Your WordPress will be a little bit more secure.
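
To show what content-based validation means next to a name-based check, here is an added example (not the plugin's code) that compares the MIME type sniffed from a file's bytes with the type its extension claims. The allowlist, the `upload_mismatch` helper and the sample files are assumptions made for this illustration.

```php
<?php
// Added example: the allowlist below is an assumption; adjust it to your site.
const ALLOWED_TYPES = [
    'png'  => ['image/png'],
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'gif'  => ['image/gif'],
    'pdf'  => ['application/pdf'],
];

// Returns null when the bytes match the claimed extension, else a reason string.
function upload_mismatch(string $tmpPath, string $claimedName): ?string
{
    $ext = strtolower(pathinfo($claimedName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        return "extension '$ext' is not on the allowlist";
    }
    // Sniff the MIME type from the file's bytes, ignoring its name.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($detected === false || !in_array($detected, ALLOWED_TYPES[$ext], true)) {
        return "named .$ext but content is " . ($detected ?: 'unreadable');
    }
    return null;
}

// Inside WordPress: reject the upload before it is moved into wp-content/uploads.
if (function_exists('add_filter')) {
    add_filter('wp_handle_upload_prefilter', function (array $file): array {
        $reason = upload_mismatch($file['tmp_name'], $file['name']);
        if ($reason !== null) {
            $file['error'] = "Upload rejected: $reason";
        }
        return $file;
    });
    return;
}

// Stand-alone run (php check.php) on constructed samples: a real 1x1 PNG,
// a PHP script renamed to .png, and a file with a disallowed extension.
$png = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=');
$samples = ['logo.png' => $png, 'avatar.png' => "<?php echo 'hi';", 'notes.php' => 'x'];
foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    echo $name, ': ', upload_mismatch($tmp, $name) ?? 'ok', PHP_EOL;
    unlink($tmp);
}
```

This covers only the type-mismatch check; sanitizing the contents of formats that can carry active content is a separate step.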