ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Persuasion Theme 2.x - Arbitrary File Download and File Deletion Exploit

Product
Persuasion
Description
WordPress Persuasion theme is prone to an arbitrary file download and file deletion exploit vulnerabilities in "http://vulnerable-site.com/wp-content/themes/persuasion/lib/scripts/dl-skin.php". Attacker can download readable files from the server and also can delete contents of writeable directories.
Solution
Upgrade the theme.
Classification
Type Multi
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 2.3, 2.0
Fixed In 2.4
Disclosure date
2013-12-23
Credits
Interference Security