WordPress Daily Edition Theme v1.6.2 Unrestricted Upload of File Security Vulnerabilities

IT Swift - Know IT News Swiftly

wordpress_daily_edition1

WordPress Daily Edition Theme v1.6.2 Unrestricted Upload of File Security Vulnerabilities

Exploit Title: WordPress Daily Edition Theme v1.6.2 /thumb.php src Parameter Unrestricted Upload of File Security Vulnerabilities

Product: WordPress Daily Edition Theme

Vendor: WooThemes

Vulnerable Versions: v1.6.2

Tested Version: v1.6.2

Advisory Publication: Mar 07, 2015

Latest Update: Mar 07, 2015

Vulnerability Type: Unrestricted Upload of File with Dangerous Type [CWE-434]

CVE Reference: *

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

Advisory Details:



(1) Vendor & Product Description:

Vendor:

WooThemes

Product & Version:

WordPress Daily Edition Theme

v1.6.2

Vendor URL & Download:

WordPress Daily Edition Theme can be got from here,

http://www.woothemes.com/products/daily-edition/

Product Introduction:

“Daily Edition WordPress Theme developed by wootheme team and Daily Edition is a clean, spacious newspaper/magazine theme designed by Liam McKay. With loads of home page modules to enable/disable and a unique java script-based featured scroller and video player the theme oozes sophistication"

“The Daily…

View original post 詳見內文:約268字

廣告

發表迴響

在下方填入你的資料或按右方圖示以社群網站登入:

WordPress.com Logo

您的留言將使用 WordPress.com 帳號。 登出 / 變更 )

Twitter picture

您的留言將使用 Twitter 帳號。 登出 / 變更 )

Facebook照片

您的留言將使用 Facebook 帳號。 登出 / 變更 )

Google+ photo

您的留言將使用 Google+ 帳號。 登出 / 變更 )

連結到 %s