WordPress OptimizePress unrestricted file upload

Description
  • Certain versions of the WordPress theme OptimizePress contain a file that can be used by attackers to upload arbitrary files on the web server and execute the code contained in these files. The vulnerable file is <strong>wp-content/themes/OptimizePress/lib/admin/media-upload.php</strong>.
Remediation
  • Delete <strong>wp-content/themes/OptimizePress/lib/admin/media-upload.php</strong> file.
References