WordPress Themes Multiple Vulnerabilities


Description   Several vulnerabilities have been identified in the following WordPress themes:
- Javo Spot Premium: directory traversal via an AJAX request
- Dance Studio: arbitrary file inclusion.

Proofs of concept are available.
     
Vulnerable Products   Vulnerable Software:
WordPress (WordPress) -
     
Solution   No solution for the moment.
     
CVE  
     
References   - CodeSeekah : Javo Themes Spot LFI Vulnerability
https://codeseekah.com/2017/02/09/javo-themes-spot-lfi-vulnerability/
- cxsecurity : Wordpress Themes dance studio 1.0.0 - Arbitrary Shell Upload vulnerbility
https://cxsecurity.com/issue/WLB-2017020123
     
Vulnerability Manager Detection   No
     
IPS Protection   ASQ Engine alarm (Available Since)
- Misc : Directory traversal - parameter starting with ../ (3.2.0)
- Directory traversal using ..\.. (3.2.0)
- Directory traversal (3.2.0)
- Directory traversal backward root folder (3.2.0)
- Misc : Local File Inclusion - suspicious /etc/passwd found in URL (3.5.0)
- Upload of a PHP file in a vulnerable web application (5.0.0)
     
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2017-02-10 

 Target Type 
Server 

 Possible exploit 
Remote