CVE-2015-2194

Name of the Vulnerable Software and Affected Versions Fusion theme version 3.1 for Wordpress

Description The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension in a fusion save action. This is due to an unrestricted file upload vulnerability in the fusion options function in functions.php.

Recommendations For Fusion theme version 3.1, consider restricting file uploads to only allowed extensions as a temporary workaround until a patch is available. Restrict access to the fusion options function in functions.php to minimize the risk of exploitation. Avoid using the fusion save action with untrusted file uploads until the issue is resolved.