ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Holding Pattern Theme <= 0.6 - Unrestricted File Upload

Product
Holding Pattern
Description
This vulnerability allows an attacker to upload arbitrary files. The application uses limited validation which means unauthorized upload is allowed.
Solution
Update the theme.
Classification
Type Remote File Inclusion
References
CVE Mitre
CVE
Name CVE-2015-1172
Versions
Affected In <= 0.6
Fixed In 0.7
Disclosure date
2015-01-17
Credits
Alexander Borg