Neosense Theme < 1.8 – Unrestricted File Upload | CVE 2016-10954 | Theme Vulnerabilities

Description

Neosense is a commercial WordPress theme by dynamicpress.

Version 1.7 (and possibly earlier) includes in its theme directory a copy of the "qquploader" ajax file uploader, which does not verify user authorization.

Using this uploader, an attacker can upload any file to the site. The uploaded file is placed in the wp-content/uploads/YYYY/mm directory, which is normally writable.

The vulnerability can be used to achieve remote code execution by uploading a PHP script with extension .php or .phtml.

Affects Themes

Fixed in 1.8

References

CVE

URL

https://lifeforms.nl/20160919/unrestricted-upload-neosense

URL

https://seclists.org/fulldisclosure/2016/Sep/48

Miscellaneous

Submitter

Walter Hop

Submitter website

https://lifeforms.nl/

Verified

No

WPVDB ID

005f2310-9fcf-41a2-9464-a034187a1ffc

Timeline

Publicly Published

2016-09-19 (about 9 years ago)

Added

2016-09-20 (about 9 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2021-07-01

Title

PWA for WP & AMP < 1.7.33 - Authenticated (Subscriber+) Arbitrary File Upload

Published

2026-01-27

Title

AI Engine < 3.3.3 - Editor+ Arbitrary File Upload

Published

2014-08-01

Title

WP Symposium < 11.12.24 - Remote File Upload Code Execution

Published

2014-08-01

Title

Rich Widget - File Upload

Published

2024-04-10

Title

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE < 2.6.9 - Author+ Stored XSS via SVG Upload