Back to KEVs

CVE-2013-7102

Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in...

Basic Information

CVE State
PUBLISHED
Reserved Date
December 14, 2013
Published Date
December 23, 2013
Last Updated
August 06, 2024
Vendor
OptimizePress
Product
OptimizePress theme for WordPress
Description
Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images_comingsoon, images_lncthumbs, or images_optbuttons in wp-content/uploads/optpress/, as exploited in the wild in November 2013.
Tags
wordpress php metasploit_scanner

CVSS Scores

CVSS v2.0

6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploit Status

Exploited in the Wild
Yes (2013-12-23 23:00:00 UTC) Source

References

http://help.optimizepress.com/customer/portal/articles/1381790-important-optimizepress-1-0-security-update http://www.osirt.com/2013/11/wordpress-optimizepress-hack-file-upload-vulnerability/ http://blog.sucuri.net/2013/12/wordpress-optimizepress-theme-file-upload-vulnerability.html http://seclists.org/fulldisclosure/2013/Dec/127

Known Exploited Vulnerability Information

Source Added Date
CVE 2013-12-23 23:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/wp_optimizepress_upload.rb 2025-04-29 11:01:29 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

wp_optimizepress_upload

Type: metasploit • Created: Unknown

Metasploit module for CVE-2013-7102

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Detected by Metasploit