(Just trying to get the word out to OptimizePress users as I haven’t gotten a reply from OptimizePress and I don’t see coverage of this exploit anywhere else yet. Mods – if this is the wrong forum, please correct me. I looked for rules/guidance but couldn’t find any.)

The OptimizePress “coming soon image” file upload utility is publicly accessible (does not require WP admin authentication) and does not perform any checking of file type. This allows hackers to find vulnerable sites via Google and upload PHP files to a known location, in most cases allowing them to take over the site.

I wrote full details on my blog: WordPress OptimizePress hack (file upload vulnerability).


The topic ‘OptimizePress (WordPress theme) vulnerability found, actively being exploited’ is closed to new replies.
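
The two checks the post says are missing (WP admin authentication and file type checking), shown in a hypothetical WordPress upload handler. This is an added example, not part of the original post and not OptimizePress code; the action name `example_coming_soon_upload` and the form field `image` are assumptions, and the code runs inside a loaded WordPress install.

```php
<?php
// Hypothetical hardened image upload handler for a theme (illustrative names).

// Registered for logged-in users only: there is deliberately no
// wp_ajax_nopriv_ hook, so anonymous requests never reach the handler.
add_action( 'wp_ajax_example_coming_soon_upload', 'example_coming_soon_upload' );

function example_coming_soon_upload() {
    // 1. Authorization: only administrators may replace theme images.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Forbidden', 403 );
    }

    // 2. CSRF: the form must include wp_nonce_field( 'example_coming_soon_upload' ).
    check_ajax_referer( 'example_coming_soon_upload' );

    if ( empty( $_FILES['image'] ) || UPLOAD_ERR_OK !== $_FILES['image']['error'] ) {
        wp_send_json_error( 'No file received', 400 );
    }

    require_once ABSPATH . 'wp-admin/includes/file.php';

    // 3. File type: allow-list of image types. wp_handle_upload() checks the
    //    extension and the detected content type against this list, so a
    //    .php file (or PHP renamed to .jpg) is rejected before it is stored.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    );

    $result = wp_handle_upload(
        $_FILES['image'],
        array(
            'test_form' => false,   // no legacy "action" form field expected
            'mimes'     => $allowed,
        )
    );

    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }

    // Stored under wp-content/uploads with a unique name chosen by WordPress.
    wp_send_json_success( array( 'url' => $result['url'] ) );
}
```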