The OptimizePress premium WordPress theme was vulnerable to Unauthenticated Arbitrary File Upload, which could allow unauthenticated attackers to compromise a WordPress site. This vulnerability has been seen exploited in the wild.
The affected file was: /wp-content/themes/OptimizePress/lib/admin/media-upload.php A Metasploit module also exists for this vulnerability, see references.