Lucene search

K
patchstackN/APATCHSTACK:82D0BE2D14B4A153D014FB8635955DCE
HistoryAug 01, 2014 - 12:00 a.m.

WordPress Listings Theme - Remote Code Execution

2014-08-0100:00:00
N/A
patchstack.com
6
wordpress
listings theme
bug
unauthenticated
code execution
update

There is a bug in this theme, that allows any website visitor to run and see the output of any shortcode. This gives unauthenticated visitors the same power to execute code on the server as regular publishers have.

Solution

           Update the theme. 

Affected configurations

Vulners
Node
-listingsRange1.0
VendorProductVersionCPE
-listings*cpe:2.3:a:-:listings:*:*:*:*:*:*:*:*