Themes Vulnerabilities

Modular 2.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download

Description

The modular WordPress theme was affected by a dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download security vulnerability.

Affects Themes

modular
Fixed in 2.5

References

Exploitdb
30443

Miscellaneous

Verified
No
WPVDB ID
9176be9c-1ad7-4966-891c-43f7b125361a

Timeline

Publicly Published
2014-08-01 (about 9 years ago)
Added
2014-08-01 (about 9 years ago)
Last Updated
2019-10-21 (about 4 years ago)

Other

Published
Title
Published
2017-03-01
Title
VaultPress <= 1.8.6 - Backend Server SSL Verification Disabled
Published
2014-08-01
Title
Simple History - RSS Feed "rss_secret" Disclosure Weakness
Published
2021-11-25
Title
WordPress < 5.8 - Plugin Confusion
Published
2014-08-01
Title
WordPress 2.2 (wp-app.php) Arbitrary File Upload Exploit
Published
2018-07-06
Title
Ninja Forms < 3.3.9 - Insufficient Restrictions during Export Personal Data requests