The Modular Theme for WordPress can be vulnerable to a security issue called Arbitrary File Download in versions up to 2.4. An unauthenticated attacker could take advantage of this by downloading any file from the server where the vulnerable service is running. This is caused by the ‘_mysite_download_skin’ parameter in the ‘dl-skin.php’ file.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
