Themes Vulnerabilities

Construct 1.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download

Description

The construct WordPress theme was affected by a dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download security vulnerability.

Affects Themes

construct
Fixed in 1.5

References

Exploitdb
30443

Miscellaneous

Verified
No
WPVDB ID
ef58c992-f4dc-4375-8681-8828a9443c76

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2023-05-27
Title
WP EasyCart < 5.4.9 - Product Deletion via CSRF
Published
2014-08-01
Title
Zingiri Tickets - File Disclosure
Published
2014-08-01
Title
Email Newsletter <= 8.0 - Information Disclosure
Published
2023-05-30
Title
Display post meta, term meta, comment meta, and user meta <= 1.0.0 - Contributor+ Stored XSS
Published
2018-03-14
Title
MailPoet Newsletters < 2.8.2 - Spam Vulnerability