During an audit of the Motor theme (full name "Motor – Cars, Parts, Service, Equipments and Accessories WooCommerce Store" by Stockware) for WordPress, we found a number of rather severe vulnerabilities.

These vulnerabilities would give an unauthenticated attacker complete read access to files on the file system of the site host, and would also allow them to run any PHP script found on that file system. We did not identify any upload vulnerabilities in the Motor theme, but paired with other vulnerable plugins this could allow for a complete takeover of the vulnerable site.

We disclosed these vulnerabilities to the theme store, which then contacted the theme vendor with our findings. A fixed version of the theme was released as version 3.1 on June 3, 2021. We encourage everybody using this theme to upgrade to the latest version immediately!

Harald Eilertsen | June 9, 2021 at 11:00 am | Categories: Vulnerabilities | URL: https://wp.me/p1moTy-vNW