WordPress DesignFolio Plus Theme 1.2 - Arbitrary File Upload

DesignFolio-Plus

Software
DesignFolio Plus
Versions
<= 1.2
Disclosure date
2015-03-04
CVE
CVE-N/A
References
Credits
Classification
Local File Inclusion
OWASP Top 10

Are your websites subject to this vulnerability?

Details

WordPress DesignFolio Plus theme is prone to an arbitrary file upload vulnerability. It allows an attacker to upload arbitrary files to the affected computer.

Solution

Update the theme.

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.