Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
WordPress OptimizePress unrestricted file upload - Vulnerability Database

WordPress OptimizePress unrestricted file upload

Description

Certain versions of the WordPress theme OptimizePress contain a file that can be used by attackers to upload arbitrary files on the web server and execute the code contained in these files. The vulnerable file is wp-content/themes/OptimizePress/lib/admin/media-upload.php.

Remediation

Delete <strong>wp-content/themes/OptimizePress/lib/admin/media-upload.php</strong> file.

References

WordPress OptimizePress hack (file upload vulnerability)

Related Vulnerabilities

Telerik Web UI Unrestricted File Upload (CVE-2017-11317) High
Common tags: Arbitrary File Creation Code Execution Unauthenticated File Upload
ColdFusion 8 FCKEditor file upload vulnerability High
Common tags: Arbitrary File Creation Code Execution Unauthenticated File Upload
Fortinet FortiNAC RCE via arbitrary file upload High
Common tags: Arbitrary File Creation Code Execution Unauthenticated File Upload
Telerik Web UI Insecure Direct Object Reference High
Common tags: Arbitrary File Creation Code Execution Unauthenticated File Upload
Telerik Web UI Unrestricted File Upload (CVE-2014-2217) High
Common tags: Arbitrary File Creation Code Execution Unauthenticated File Upload

Severity

High

Classification

CVE-2013-7102
CWE-20
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Arbitrary File Creation
Code Execution
Unauthenticated File Upload