WordPress OptimizePress Theme Shell Upload

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class Metasploit3 'WordPress OptimizePress Theme File Upload Vulnerability', 'Description' = %q This module exploits a vulnerability foun...

WordPress OptimizePress Theme File Upload Vulnerability

This module exploits a vulnerability found in the WordPress theme OptimizePress. The vulnerability is due to an insecure file upload on the media-upload.php component, allowing an attacker to upload arbitrary PHP code. This module has been tested successfully on OptimizePress 1.45. This module...

WordPress OptimizePress Theme File Upload Remote Code Execution

A file upload vulnerability has been reported in the Wordpress theme OptimizePress. The vulnerability is due to an insecure file upload on the media-upload.php component. A remote attacker could trigger this flaw by sending a crafted HTTP request to the vulnerable system...

CVE-2013-7102

Multiple unrestricted file upload vulnerabilities in 1 media-upload.php, 2 media-upload-lncthumb.php, and 3 media-upload-sqbutton.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extensio...

Unrestricted file upload

Multiple unrestricted file upload vulnerabilities in 1 media-upload.php, 2 media-upload-lncthumb.php, and 3 media-upload-sqbutton.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extensio...

CVE-2013-7102

Multiple unrestricted file upload vulnerabilities in 1 media-upload.php, 2 media-upload-lncthumb.php, and 3 media-upload-sqbutton.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extensio...

CVE-2013-7102

CVE-2013-7102 concerns the WordPress theme OptimizePress up to version 1.61, where multiple unrestricted file upload vulnerabilities exist in lib/admin/media-upload.php, media-upload-lncthumb.php, and media-upload-sq_button.php. The root cause is insecure handling of uploaded files, enabling remo...

VulnCheck KEV: CVE-2013-7102

Multiple unrestricted file upload vulnerabilities in 1 media-upload.php, 2 media-upload-lncthumb.php, and 3 media-upload-sqbutton.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable...

WordPress OptimizePress插件任意文件上传漏洞

WordPress是一种使用PHP语言开发的博客平台，用户可以在支持PHP和MySQL数据库的服务器上架设自己的网志。 '/wp-content/themes/OptimizePress/lib/admin/media-upload.php'不正确校验用户提交的上传文件扩展，允许远程攻击者利用漏洞提交恶意文件，并以WEB权限执行。 0 WordPress OptimizePress Plugin 1.x 厂商补丁： WordPress ----- WordPress OptimizePress Plugin 1.6已经修复该漏洞，请到厂商的主页下载：...

WordPress OptimizePress Theme <= 1.60 - File Upload Vulnerability

Multiple unrestricted file upload vulnerabilities, the attackers can execute arbitrary code by uploading a file with an executable extension, then accessing it. Solution Update the theme...

WordPress OptimizePress Theme File Upload

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class Metasploit3 'WordPress OptimizePress Theme File Upload Vulnerability', 'Description' = %q This module exploits a vulnerability found...

OptimizePress Theme < 1.6 - Unauthenticated Arbitrary File Upload

The OptimizePress premium WordPress theme was vulnerable to Unauthenticated Arbitrary File Upload, which could allow unauthenticated attackers to compromise a WordPress site. This vulnerability has been seen exploited in the wild. PoC The affected file was:...

OptimizePress Theme < 1.6 - Unauthenticated Arbitrary File Upload

The OptimizePress premium WordPress theme was vulnerable to Unauthenticated Arbitrary File Upload, which could allow unauthenticated attackers to compromise a WordPress site. This vulnerability has been seen exploited in the wild. The affected file was:...