Description
Several vulnerabilities have been identified in themes for WordPress:

- ypo-theme: arbitrary file download. A remote attacker could exploit it via a specially crafted URL in order to download arbitrary files in the website directory. The vulnerability is located in the 'download' parameter of the 'download.php' script file.
- ColorWay: cross-site scripting. A remote attacker can exploit it to execute arbitrary JavaScript or HTML code by inducing a victim to follow a specially crafted link. The vulnerability is located in the 'contactName', 'email' and 'comments' POST parameters of the 'contact.php' script file.

Proofs of concept are available.
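One way a download script can confine a 'download' parameter to a single directory, shown as an added example that is not the ypo-theme code. The `downloads` directory, the extension allow-list and the function name `resolve_download` are assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardened handler, not the theme's own source.
// Assumption: all downloadable files live in ./downloads next to this script.

/**
 * Resolve a user-supplied name to a file inside $baseDir.
 * Returns the canonical path, or null if the request must be refused.
 */
function resolve_download(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses ../ sequences and follows symlinks;
    // it returns false when the target does not exist.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // The canonical path must still sit strictly under the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Allow-list of extensions, so PHP sources and config files are never served.
    $allowed = ['pdf', 'zip', 'png', 'jpg'];
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return in_array($ext, $allowed, true) ? $path : null;
}

$requested = (isset($_GET['download']) && is_string($_GET['download']))
    ? $_GET['download']
    : '';
$file = resolve_download(__DIR__ . '/downloads', $requested);
if ($file === null) {
    http_response_code(404);
    exit;
}

// Strip characters that could break out of the quoted filename.
$name = str_replace(['"', "\r", "\n"], '', basename($file));
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $name . '"');
header('X-Content-Type-Options: nosniff');
header('Content-Length: ' . filesize($file));
readfile($file);
```

The check compares canonical paths after `realpath()`, not the raw parameter, so encoded or nested traversal sequences are rejected without having to enumerate them.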