Description
Certain versions of the WordPress theme OptimizePress contain a file that can be used by attackers to upload arbitrary files on the web server and execute the code contained in these files. The vulnerable file is wp-content/themes/OptimizePress/lib/admin/media-upload.php.
Remediation
Delete wp-content/themes/OptimizePress/lib/admin/media-upload.php file.
References
Related Vulnerabilities
Unauthenticated Remote Code Execution via JSONWS in Liferay 7.2.0 CE GA1
WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Remote Code Execution (5.0.0)
Squid Improper Input Validation Vulnerability (CVE-2016-4555)
Unrestricted file upload vulnerability in ofc_upload_image.php
WordPress Plugin Yoast SEO Possible Remote Code Execution (9.1.0)