OptimizePress Theme < 1.6 – Unauthenticated Arbitrary File Upload | CVE 2013-7102 | Theme Vulnerabilities

Description

The OptimizePress premium WordPress theme was vulnerable to Unauthenticated Arbitrary File Upload, which could allow unauthenticated attackers to compromise a WordPress site.

This vulnerability has been seen exploited in the wild.

Proof of Concept

The affected file was: 

/wp-content/themes/OptimizePress/lib/admin/media-upload.php

A Metasploit module also exists for this vulnerability, see references.

Affects Themes

Fixed in 1.6

References

CVE

URL

exploit/unix/webapp/wp_optimizepress_upload

URL

https://packetstormsecurity.com/files/#124246/

URL

https://blog.sucuri.net/2013/12/wordpress-optimizepress-theme-file-upload-vulnerability.html

Miscellaneous

Verified

No

WPVDB ID

dc9ea90a-f73b-4dfe-9a78-766da8b10967

Timeline

Publicly Published

2013-11-29 (about 12 years ago)

Added

2014-08-01 (about 11 years ago)

Last Updated

2020-10-21 (about 5 years ago)

Other

Published

Title

Published

2025-06-12

Title

MapSVG < 8.7.4 - Contributor+ Arbitrary File Upload

Published

2024-10-17

Title

Affiliator <= 2.1.3 - Unauthenticated Arbitrary File Upload

Published

2021-08-17

Title

Shopp eCommerce <= 1.4 - Unauthenticated Arbitrary File Upload

Published

2023-10-10

Title

User Submitted Posts < 20230914 - Unauthenticated Arbitrary File Upload

Published

2013-11-30

Title

Phototouch < 1.2.2 - Arbitrary File Upload via themify-ajax.php