Vulnerability: System compromise in WordPress Clockstone
Severity: High
Patch available: Yes
Number of vulnerabilities: 1
Attack vector: Remote
Impact: System Compromise
Affected products: WordPress Clockstone Theme 1.x
Affected versions: WordPress Clockstone 1.2, perhaps the only one.
Description:
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability is caused by insufficient validation of uploaded files in the script wp-content/themes/clockstone/theme/functions/upload.php. A remote user can upload a file containing PHP code and execute it on the system with the privileges of the web server.
Vendor URL: http://themeforest.net/item/clockstone-ultimate-wordpress-theme/306607
Solution: Install the update from the vendor.
Links:
http://www.attack-scanner.com/security/clockstone-and-other-various-cmsmasters-themes-flaw-patched/
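
To check whether a site running the affected theme received upload attempts against the script named in the description, the following added example (not part of the original advisory) scans web server access logs for POST requests to that path. It assumes the Apache/nginx "combined" log format; the function names and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Script path named in the advisory.
VULN_PATH = "/wp-content/themes/clockstone/theme/functions/upload.php"

# Assumption: Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:01:02 +0000] "GET /wp-content/themes/clockstone/style.css HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:02:11 +0000] "POST /wp-content/themes/clockstone/theme/functions/upload.php HTTP/1.1" 200 48 "-" "curl/7.29"',
    '198.51.100.7 - - [01/Jan/2024:10:02:15 +0000] "POST /blog//wp-content/themes/clockstone/theme/./functions/Upload.php?x=1 HTTP/1.1" 403 210 "-" "curl/7.29"',
    '192.0.2.10 - - [01/Jan/2024:10:03:40 +0000] "GET /wp-content/themes/clockstone/theme/functions/upload.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Jan/2024:10:05:09 +0000] "POST /wp-content/themes/clockstone/theme/functions/upload%2Ephp HTTP/1.1" 404 162 "-" "-"',
]

def normalize(target):
    """Drop the query string, percent-decode, collapse '//' and '/./', lowercase."""
    path = unquote(target.split("?", 1)[0])
    path = posixpath.normpath(re.sub(r"/+", "/", path))
    return path.lower()  # lowercasing may over-match on case-sensitive hosts

def find_upload_hits(lines):
    """Return {client_ip: [(timestamp, status), ...]} for POSTs to the upload script."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # endswith() also covers WordPress installed in a subdirectory.
        if normalize(m["target"]).endswith(VULN_PATH):
            hits[m["ip"]].append((m["ts"], int(m["status"])))
    return dict(hits)

if __name__ == "__main__":
    for ip, events in find_upload_hits(SAMPLE_LOG).items():
        print(ip, events)
```

Requests answered with a 2xx status deserve the closest review, since the script accepted the POST; 403 and 404 responses indicate probing that was blocked or hit a site without the file.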