6 matches found
mTheme Unus < 2.3 - Directory Traversal
The mTheme-Unus theme for WordPress, prior to version 2.3, contained a directory traversal flaw that let attackers access arbitrary files. This was possible by exploiting the files parameter in css/css.php with .. sequences. id: CVE-2015-9406 info: name: mTheme Unus 2.3 - Directory Traversal...
CVE-2015-9406
Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. dot dot in the files parameter to css/css.php...
Attackers Target 1M+ WordPress Sites To Harvest Database Credentials
Attackers were spotted targeting over one million WordPress websites in a campaign over the weekend. The campaign unsuccessfully attempted to exploit old cross-site scripting XSS vulnerabilities in WordPress plugins and themes, with the goal of harvesting database credentials. The attacks were...
VulnCheck KEV: CVE-2015-9406
Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. dot dot in the files parameter to css/css.php...
CVE-2015-9406
Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. dot dot in the files parameter to css/css.php...
CVE-2015-9406
CVE-2015-9406 affects the WordPress theme mTheme-Unus prior to version 2.3. The vulnerability is a directory traversal in the files parameter of css/css.php that allows reading arbitrary files. External sources in connected documents confirm this flaw and describe the impact as potential exposure...