WordPress Holding Pattern Theme Arbitrary File Upload

This Metasploit module exploits a file upload vulnerability in all versions of the Holding Pattern theme found in the upload_file.php script which contains no session or file validation. It allows unauthenticated users to upload files of any type and subsequently execute PHP scripts in the context of the web server.

Leave a Reply