Description
Certain versions of the WordPress theme OptimizePress contain a file that can be used by attackers to upload arbitrary files on the web server and execute the code contained in these files. The vulnerable file is wp-content/themes/OptimizePress/lib/admin/media-upload.php.
Remediation
Delete wp-content/themes/OptimizePress/lib/admin/media-upload.php file.
References
Related Vulnerabilities
WebLogic Improper Input Validation Vulnerability (CVE-2020-10693)
D-Link NAS Backdoor Account RCE (CVE-2024-3273, CVE-2024-3272)
Drupal Core 8.5.x Remote Code Execution (8.5.0 - 8.5.10)
Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.3.8)
WordPress Plugin Product Lister for Walmart Remote Code Execution (1.0.1)