Wordpress Themes Multiple Vulnerabilities


Description   (#Several vulnerabilities have been identified in the following Wordpress themes:#- Smallbiz Themes: arbitrary file upload via the '/wp-content/themes/smallbiz/palette/index.php' web page##- ElegantThemes Divi Theme: privileges escalation through an unspecified vector##- ElegantThemes Extra Theme: privileges escalation through an unspecified vector.)
     
Vulnerable Products   Vulnerable Software:
WordPress (WordPress) -
     
Solution   - extra: 1.2.4.
     
CVE  
     
References   - WPScan Vulnerability Database : ElegantThemes - Privilege Escalation
https://wpvulndb.com/vulnerabilities/8394
- 0day.today : Wordpress Smallbiz Themes Remote File Uploads Vulnerability
http://0day.today/exploit/24926
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Upload of a PHP file in a vulnerable web application
5.0.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2016-02-09 

 Target Type 
Server 

 Possible exploit 
Remote