ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Fusion Theme <= 3.1 - Arbitrary File Upload

Product
Fusion
Description
Because of this vulnerability in this Fusion theme, the authenticated users can execute arbitrary code by uploading a file with an executable extension in a fusion_save action and then accessing it via unspecified vectors.
Solution
Update the theme.
Classification
Type Local File Inclusion
References
CVE Mitre
CVE
Name CVE-2015-2194
Versions
Affected In <= 3.1
Fixed In 3.2
Disclosure date
2015-03-03