The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from ChimpStudio and PixFill does not have any authorisation and upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Aidreform | Aidreform_project | - (including) | - (including) |
| Bolster | Chimpgroup | - (including) | - (including) |
| Spikes | Chimpgroup | - (including) | - (including) |
| Westand | Chimpgroup | * | 2.1 (excluding) |
| Club-theme | Club-theme_project | - (including) | - (including) |
| Footysquare | Footysquare_project | - (including) | - (including) |
| Kings_club | Pixfill | - (including) | - (including) |
| Soundblast | Soundblast_project | - (including) | - (including) |
| Spikes-black | Spikes-black_project | - (including) | - (including) |
| Statfort | Statfort_project | - (including) | - (including) |