CVE-2013-7102
published 2013-12-23


Priority: P2 (77, medium)
CVSS 2.0: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 14.80% (96.3rd percentile)
Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images_comingsoon, images_lncthumbs, or images_optbuttons in wp-content/uploads/optpress/, as exploited in the wild in November 2013.

Affected

1 range
Vendor | Product | Product version range | Fixed in
optimizepress | optimizepress | <= 1.60 |

Detection & IOCs (extracted from sources)

path: lib/admin/media-upload.php
path: lib/admin/media-upload-lncthumb.php
path: lib/admin/media-upload-sq_button.php
path: wp-content/uploads/optpress/images_comingsoon/
path: wp-content/uploads/optpress/images_lncthumbs/
path: wp-content/uploads/optpress/images_optbuttons/
  • Monitor for HTTP POST requests targeting lib/admin/media-upload.php, media-upload-lncthumb.php, or media-upload-sq_button.php with multipart file uploads containing executable extensions (e.g., .php, .php5, .phtml).
  • Alert on HTTP GET/POST requests to wp-content/uploads/optpress/images_comingsoon/, images_lncthumbs/, or images_optbuttons/ for files with executable extensions, indicating post-upload webshell access.
  • This vulnerability was actively exploited in the wild in November 2013; prioritize detection on WordPress installations running OptimizePress versions prior to 1.61.
  • The Metasploit module targets OptimizePress 1.45 specifically; treat this version as a high-risk indicator during asset inventory.
  • The upload endpoints (media-upload.php, media-upload-lncthumb.php, media-upload-sq_button.php) allow unrestricted file extensions with no authentication check enforced by the theme, meaning any remote attacker can upload and execute arbitrary code without credentials.
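The first two detection bullets above translate directly into log-based rules. The script below is an added example, not part of this record or of any vendor's detection content: it scans web-server access log lines for (a) multipart POSTs to the three OptimizePress upload endpoints and (b) direct requests for executable-looking files under the three optpress upload directories. The log lines are constructed for the example; the theme directory name wp-content/themes/OptimizePress/ and the extra trailing Content-Type field in the log format are assumptions (a standard combined log does not record the request Content-Type, and the uploaded file name inside the multipart body is never in an access log, so rule (a) can only flag the upload attempt, not the extension of what was uploaded).

```python
import re
from urllib.parse import urlparse

# Upload endpoints and upload directories named in the CVE-2013-7102 description.
UPLOAD_ENDPOINTS = (
    "lib/admin/media-upload.php",
    "lib/admin/media-upload-lncthumb.php",
    "lib/admin/media-upload-sq_button.php",
)
UPLOAD_DIRS = (
    "wp-content/uploads/optpress/images_comingsoon/",
    "wp-content/uploads/optpress/images_lncthumbs/",
    "wp-content/uploads/optpress/images_optbuttons/",
)

# Executable extensions listed on the page (.php, .php5, .phtml) plus .phar (assumption).
# The trailing group also catches double-extension names such as x.php.jpg.
EXEC_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.IGNORECASE)

# Combined log format with one extra quoted field appended: the request Content-Type
# (assumption: a custom LogFormat ending in "%{Content-Type}i"; constructed for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)" "(?P<ctype>[^"]*)"$'
)

# Constructed sample log lines (RFC 5737 documentation addresses, fictitious file names).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Nov/2013:10:14:02 +0000] "POST /wp-content/themes/OptimizePress/lib/admin/media-upload.php HTTP/1.1" 200 512 "-" "Mozilla/5.0" "multipart/form-data; boundary=----abc"
203.0.113.7 - - [12/Nov/2013:10:14:05 +0000] "GET /wp-content/uploads/optpress/images_comingsoon/photo.php HTTP/1.1" 200 48 "-" "Mozilla/5.0" "-"
198.51.100.4 - - [12/Nov/2013:10:20:11 +0000] "GET /wp-content/uploads/optpress/images_lncthumbs/banner.jpg HTTP/1.1" 200 8192 "-" "Mozilla/5.0" "-"
198.51.100.9 - - [12/Nov/2013:10:21:40 +0000] "GET /wp-content/themes/OptimizePress/lib/admin/media-upload.php HTTP/1.1" 403 0 "-" "Mozilla/5.0" "-"
"""


def classify(line):
    """Return (rule_name, detail) for a suspicious line, or None if it matches no rule."""
    m = LOG_RE.match(line)
    if not m:
        return None  # unparseable line: count it separately in a real pipeline
    path = urlparse(m["target"]).path
    method = m["method"]
    ctype = m["ctype"].lower()

    # Rule (a): multipart POST to one of the unauthenticated upload endpoints.
    if method == "POST" and path.endswith(UPLOAD_ENDPOINTS) and ctype.startswith("multipart/form-data"):
        return ("upload-to-optimizepress-endpoint", path)

    # Rule (b): any request for an executable-looking file under an optpress upload directory.
    for directory in UPLOAD_DIRS:
        idx = path.find(directory)
        if idx != -1:
            filename = path[idx + len(directory):]
            if EXEC_EXT.search(filename):
                return ("executable-in-optpress-upload-dir", filename)
    return None


def scan(lines):
    """Run classify() over an iterable of log lines and return the list of hits in order."""
    hits = []
    for line in lines:
        result = classify(line)
        if result is not None:
            hits.append(result)
    return hits


if __name__ == "__main__":
    for rule, detail in scan(SAMPLE_LOG.splitlines()):
        print(f"{rule}: {detail}")
```

On the constructed sample, the multipart POST to media-upload.php and the follow-up GET for photo.php in images_comingsoon/ are flagged; the .jpg request and the non-multipart GET to the endpoint are not. In a real deployment the second rule is the higher-confidence one: a 200 response for a .php file under the uploads tree is the post-upload access the second bullet describes, while the first rule also fires on legitimate administrator uploads and needs a source-IP or session check to reduce noise.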

CVSS provenance

nvd: v2.0 6.8 MEDIUM (AV:N/AC:M/Au:N/C:P/I:P/A:P)
vulncheck: 6.8 MEDIUM