OptimizePress (WordPress theme) vulnerability found, actively being exploited

  • (Just trying to get the word out to OptimizePress users as I haven’t gotten a reply from OptimizePress and I don’t see coverage of this exploit anywhere else yet.)

    The OptimizePress “coming soon image” file upload utility is publicly accessible (does not require WP admin authentication) and does not perform any checking of file type. This allows hackers to find vulnerable sites via Google and upload PHP files to a known location, in most cases allowing them to take over the site.

    I wrote full details on my blog: WordPress OptimizePress hack (file upload vulnerability).

  • You did not specify a blog address or reason for posting when you created this topic.

    This support forum is for blogs hosted at WordPress.com. If your question is about a self-hosted WordPress blog then you’ll find help at the WordPress.org forums.

    If you don’t understand the difference between WordPress.com and WordPress.org, you may find this information helpful.

    If you forgot to include a link to your blog, you can reply and include it below. It’ll help people to answer your question.

    This is an automated message.

  • You are in the wrong forum – please see above for the correct forum

  • The topic ‘OptimizePress (WordPress theme) vulnerability found, actively being exploited’ is closed to new replies.