GHSA-mc6x-cw9h-wfr5CriticalCVSS 9.8

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated...

Published
June 8, 2026
Last Modified
June 8, 2026

🔗 CVE IDs covered (1)

📋 Description

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands and upload additional files for persistent access.

🔗 References (4)