GHSA-mc6x-cw9h-wfr5CriticalCVSS 9.8
WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated...
🔗 CVE IDs covered (1)
📋 Description
WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands and upload additional files for persistent access.