N/A

Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images_comingsoon, images_lncthumbs, or images_optbuttons in wp-content/uploads/optpress/, as exploited in the wild in November 2013.

N/A

N/A

WordPress OptimizePress主题‘media-upload.php’任意文件上传漏洞

WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台，该平台支持在PHP和MySQL的服务器上架设个人博客网站。OptimizePress Theme是其中的一个网络营销主题。 WordPress的OptimizePress主题1.60及之前的版本中的lib/admin/media-upload.php，lib/admin/media-upload-lncthumb.php，lib/admin/media-upload-sq_button.php文件中存在未限制文件上传漏洞。

N/A

N/A