Themes Vulnerabilities

Curvo - wp-content/themes/curvo/functions/upload-h&ler.php File Upload CSRF

Description

The curvo WordPress theme was affected by a wp-content/themes/curvo/functions/upload-h&ler.php File Upload CSRF security vulnerability.

Affects Themes

curvo
No known fix

References

Exploitdb
29211
URL
https://packetstormsecurity.com/files/#123799/
URL
https://packetstormsecurity.com/files/#123820/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Verified
No
WPVDB ID
00ec525b-0141-4f9b-9394-960b1103ae95

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2024-11-28
Title
FastBook – Responsive Appointment Booking and Scheduling System <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-12-27
Title
Inline Image Upload for BBPress < 1.1.19 - Cross-Site Request Forgery via hm_bbpui_admin_page
Published
2024-11-28
Title
Yahoo! WebPlayer <= 2.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-09-05
Title
Backup Migration < 1.3.0 - Cross-Site Request Forgery
Published
2025-06-05
Title
Quick Event Calendar <= 1.4.9 - Cross-Site Request Forgery