
Joshua Small

#24899 of 53,633
9.8 CVSS total
Vulnerabilities · 1
PT-2023-12626
9.8
2023-01-23
WordPress · Club-Theme · CVE-2022-0316
**Name of the Vulnerable Software and Affected Versions**

- WeStand WordPress theme versions prior to 2.1
- footysquare WordPress theme
- aidreform WordPress theme
- statfort WordPress theme
- club-theme WordPress theme
- kingclub-theme WordPress theme
- spikes WordPress theme
- spikes-black WordPress theme
- soundblast WordPress theme
- bolster WordPress theme

**Description**

The issue concerns a lack of authorization and upload validation in the `lang upload.php` file, allowing any unauthenticated attacker to upload arbitrary files to the web server. This enables potential malicious activities without proper access controls.

**Recommendations**

For WeStand WordPress theme versions prior to 2.1, update to version 2.1 or later.

For the footysquare, aidreform, statfort, club-theme, kingclub-theme, spikes, spikes-black, soundblast, and bolster WordPress themes, consider disabling the `lang upload.php` file until a patch is available to prevent unauthorized file uploads.