WordPress Kiddo Theme "uploadify.php"任意文件上传漏洞

WordPress Kiddo是WordPress的儿童主题。 WordPress Kiddo的/wp-content/themes/kiddo/app/assets/js/uploadify/uploadify.php脚本允许上传任意扩展名的文件到webroot的文件夹内，如果上传的文件包含恶意PHP脚本，即可导致执行任意PHP代码。 0 WordPress Kiddo 1.x 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：...

WordPress Theme Kiddo - Arbitrary File Upload

source: https://www.securityfocus.com/bid/65460/info The Kiddo theme for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to sufficiently sanitize file extensions. An attacker can exploit this issue to upload arbitrar...

WordPress Theme Kiddo - Arbitrary File Upload

WordPress Theme Kiddo - Arbitrary File Upload source: https://www.securityfocus.com/bid/65460/info The Kiddo theme for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to sufficiently sanitize file extensions. An...

WordPress Kiddo Theme - Arbitrary File Upload

WordPress Kiddo theme is prone to an arbitrary file upload vulnerability that allows to upload arbitrary code and run it in the context of the web server process. It makes it easier unauthorized access to the application. Solution Update the plugin...