System compromise in WordPress Clockstone

Posted: December 24, 2012 in Vulnerabilities

Vulnerability: System compromise in WordPress Clockstone

Danger: High
Patch available: Yes
Number of vulnerabilities: 1

Attack vector: Remote
Impact: System Compromise

Affected products: WordPress Clockstone Theme 1.x

Affected versions: WordPress Clockstone 1.2, possibly the only affected version.


The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability is caused by insufficient validation of uploaded files in the script wp-content/themes/clockstone/theme/functions/upload.php. A remote user can upload a file containing PHP code and execute it on the system with the privileges of the web server.

Manufacturer URL:

Solution: Install the update from the manufacturer.
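
One way to check web server logs for signs of this issue, as an added example that is not part of the original advisory: it flags successful POSTs to the upload script and later requests by the same client for PHP files under /wp-content/. The Combined Log Format, the sample log lines and the function name `find_upload_abuse` are assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Path of the vulnerable script, as named in the advisory.
UPLOAD_SCRIPT = "/wp-content/themes/clockstone/theme/functions/upload.php"

# Assumption: the server writes Apache/nginx Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges, made-up file name).
SAMPLE_LOG = """\
203.0.113.7 - - [24/Dec/2012:10:01:02 +0000] "POST /wp-content/themes/clockstone/theme/functions/upload.php HTTP/1.1" 200 48 "-" "-"
203.0.113.7 - - [24/Dec/2012:10:01:09 +0000] "GET /wp-content/uploads/example.php?x=1 HTTP/1.1" 200 512 "-" "-"
198.51.100.20 - - [24/Dec/2012:10:02:00 +0000] "GET /wp-content/themes/clockstone/style.css HTTP/1.1" 200 9000 "-" "-"
198.51.100.20 - - [24/Dec/2012:10:03:00 +0000] "POST /wp-content/themes/clockstone/theme/functions/upload.php HTTP/1.1" 403 120 "-" "-"
"""

def find_upload_abuse(lines):
    """Map client IP -> uploads (timestamps of successful POSTs to the
    upload script) and followups (later 2xx requests by that client for a
    .php file under /wp-content/, a heuristic for running an uploaded file)."""
    hits = defaultdict(lambda: {"uploads": [], "followups": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip blank or malformed lines
        ip, ts = m["ip"], m["ts"]
        # Drop the query string and decode %-escapes before comparing paths.
        path = unquote(m["path"].split("?", 1)[0]).lower()
        ok = m["status"].startswith("2")
        if path == UPLOAD_SCRIPT and m["method"] == "POST" and ok:
            hits[ip]["uploads"].append(ts)
        elif (ok and ip in hits and path != UPLOAD_SCRIPT
              and path.startswith("/wp-content/") and path.endswith(".php")):
            hits[ip]["followups"].append((ts, path))
    return dict(hits)

if __name__ == "__main__":
    for ip, seen in find_upload_abuse(SAMPLE_LOG.splitlines()).items():
        print(ip, "uploads:", seen["uploads"], "followups:", seen["followups"])
```

Any client it reports is worth reviewing alongside the files present on disk, since a follow-up request is only a heuristic and the advisory does not state where uploaded files are stored.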

