Unrated severityNVD Advisory· Published Dec 23, 2013· Updated Apr 29, 2026

CVE-2013-7102

Description

Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images_comingsoon, images_lncthumbs, or images_optbuttons in wp-content/uploads/optpress/, as exploited in the wild in November 2013.

Affected products

Optimizepress/Optimizepress
cpe:2.3:a:optimizepress:optimizepress:*:-:-:*:-:wordpress:*:*
Range: <=1.60

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.sucuri.net/2013/12/wordpress-optimizepress-theme-file-upload-vulnerability.htmlnvdExploit
www.osirt.com/2013/11/wordpress-optimizepress-hack-file-upload-vulnerability/nvdExploit
help.optimizepress.com/customer/portal/articles/1381790-important-optimizepress-1-0-security-updatenvd
seclists.org/fulldisclosure/2013/Dec/127nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.051
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000