Full title: WordPress Holding Pattern Theme Arbitrary File Upload Exploit 
Category: web applications
Platform: php
This module exploits a file upload vulnerability in all versions of the Holding Pattern theme found in the upload_file.php script which contains no session or file validation. It allows unauthenticated users to upload files of any type and subsequently execute PHP scripts in the context of the web server.

# 0day.today @ http://0day.today/