New WordPress Theme Vulnerabilities Discovered

Wordfence creator, Mark Maunder, has identified  several themes with either a Cross-site request forgery (CSRF) file upload vulnerability, or an email sender vulnerability.  The exploit of these security hole has been seen in the wild. If you are using any of the  themes listed below,  you should contact the developer immediately to see if there is a patch available. Work with them to determine if your particular version contains the vulnerability and get their advice on what action to take.  If the developers do not respond after a reasonable amount of time, work with your hosting provider or webmaster to determine if you have a vulnerability and what action to take.  Remember that deactivation will not remove the vulnerability. If no patch is available, or if the theme appears abandoned or unsupported you should completely uninstall and remove all files associated with the theme or plugin from your site to remove the security hole.

  • Cubed Themes version 1.0 to 1.2. Remote file upload vulnerability. Distributed by themeprofessor.com. Exploit released on 9 November 2013.
  • Army Knife Theme, unspecified version. CSRF File Upload vulnerability. Theme is distributed byfreelancewp.com. Exploit released 9 November 2013.
  • Charcoal Theme. CSRF File upload vulnerability. Distributed by the official WordPress repository. The theme hasn’t been updated for several years, so we recommend deleting all files from your system.
  • WP Realty Plugin may contain an email sender vulnerability. Please contact vendor for clarification. We’re seeing exploits that claim to exploit this hole. Plugin is distributed by wprealty.org.
  • The following themes distributed by orange-themes.com appear to contain a remote file upload vulnerability and we’re seeing exploits appear in the wild, all published around November 12, 2013:Rockstar Theme, Reganto Theme, Ray of Light Theme, Radial Theme, Oxygen Theme, Bulteno Theme, Bordeaux Theme. Please contact the vendor to find out of your theme is applicable and what action to take.
  • Amplus Theme version 3.x.x contains a CSRF file upload vulnerability. We’re unclear who the vendor is, but it appears to be Themeforest.
  • Make a Statement Theme version 1.x.x (also known as MaS ) contains a CSRF file upload vulnerability. Exploit distributed November 17, 2013. Vendor is themes.mas.gambit.ph.
  • Dimension Theme, unspecified version, contains a CSRF file upload vulnerability. Theme is distributed by ThemeForest. Exploit appeared November 17th, 2013.
  • Euclid Version 1 Theme contains a CSRF File Upload Vulnerability. Exploit appeared today. Theme is distributed by FreelanceWP.com.
  • Project 10 Theme, Version 1.0. Remote file upload vulnerability. Distributed by ThemeForest. Exploit appeared today.

See also CVE Details

Leave a Reply (All Comments are Moderated)