WordPress Valums Uploader – File Upload Vulnerability

  • Is this Valums Uploader a built in function of WordPress itself or a plugin? The examples look that it’s theme specific, just didn’t know if I had to worry about the core files or not of wordpress.

    [Details moderated]

Viewing 3 replies - 1 through 3 (of 3 total)

  • It’s not part of WordPress as far as I am aware.

    Just cleaning up a compromized website. The Valums Uplaoder was located in themename/functions/jwpanel/scripts/valums_uploader/php.php

    It looks like this was used as an entry gate to upload malicious php files to the wp-uploads folder. Completely bypassing the wp-admin login area…

    That appears to have been part of your theme. Where did you download it from?

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘WordPress Valums Uploader – File Upload Vulnerability’ is closed to new replies.

Tags