Description

Certain versions of the WordPress theme OptimizePress contain a file that can be used by attackers to upload arbitrary files on the web server and execute the code contained in these files. The vulnerable file is wp-content/themes/OptimizePress/lib/admin/media-upload.php.

Remediation

Delete wp-content/themes/OptimizePress/lib/admin/media-upload.php file.

References

WordPress OptimizePress hack (file upload vulnerability)

Related Vulnerabilities

TYPO3 Improper Input Validation Vulnerability (CVE-2012-1608)

WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads PHP Code Injection (1.3)

Telerik Web UI Insecure Direct Object Reference

PHP version older than 5.2.6

WordPress Plugin Photo Gallery, Images, Slider in Rbs Image Gallery Remote Code Execution (2.0.14)

Severity

High

Classification

CVE-2013-7102 CWE-20 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Arbitrary File Creation Code Execution Unauthenticated File Upload