PT-2013-6274 · WordPress · Optimizepress

Author: Kurt Seifried
Published: 2013-12-23 · Updated: 2013-12-24
CVE: CVE-2013-7102
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: OptimizePress theme versions prior to 1.61

Description: Multiple unrestricted file upload vulnerabilities exist in files within the OptimizePress theme for WordPress. They allow remote attackers to execute arbitrary code by uploading a file with an executable extension and then requesting it directly. This has been exploited in the wild.

Recommendations: For versions prior to 1.61, update to version 1.61 or later. As a temporary workaround, restrict access to the media-upload.php, media-upload-lncthumb.php, and media-upload-sq_button.php files in lib/admin/ to minimize the risk of exploitation. Additionally, restrict uploads to only the file types that are needed, and ensure that uploaded files are properly validated and sanitized.
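The validation the recommendations call for, as an added example in PHP (not code from the OptimizePress theme): an allowlist-based upload check that verifies both the extension and the actual content type, refuses double extensions, and stores the file under a random name. The ALLOWED_TYPES map, the validate_upload function and the $uploadDir directory are assumptions for this example.

```php
<?php
// Added example (not OptimizePress code): allowlist-based upload validation so a
// file with an executable extension is never stored where the server can run it.
declare(strict_types=1);

// Allowed extension => MIME types finfo may report for it (image uploads only).
const ALLOWED_TYPES = [
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'png'  => ['image/png'],
    'gif'  => ['image/gif'],
];

// Validate one $_FILES entry and store it under a random name in $uploadDir, which
// is assumed to be a directory the web server will not execute scripts from.
// Throws RuntimeException on any rejection; the caller should log the reason.
function validate_upload(array $file, string $uploadDir): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed or missing');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    // Take the extension from the client name but never trust it alone. Reject
    // anything but name.ext so a double extension (shell.php.jpg) cannot be
    // treated as a script by a server that maps multiple extensions.
    $parts = explode('.', basename((string) $file['name']));
    if (count($parts) !== 2 || $parts[0] === '') {
        throw new RuntimeException('filename must be name.ext');
    }
    $ext = strtolower($parts[1]);
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        throw new RuntimeException("extension not allowed: $ext");
    }
    // Check the actual content, not the client-supplied Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED_TYPES[$ext], true)) {
        throw new RuntimeException("content type $mime does not match .$ext");
    }
    // Discard the original name: a random name removes predictable URLs and any
    // path traversal via the filename.
    $dest = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    return $dest;
}
```

Pair this with a web server rule that refuses to execute scripts from the upload directory, so that even a file that slips past the allowlist cannot be run by requesting it directly.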

Tags: Exploit, Fix, RCE


Weakness Enumeration: none listed
Related Identifiers: CVE-2013-7102
Affected Products: Optimizepress