WordPress.org

Ready to get started?Download WordPress

Forums

WordPress Valums Uploader - File Upload Vulnerability (4 posts)

  1. Ocala Website Designs
    Member
    Posted 1 year ago #

    Is this Valums Uploader a built in function of WordPress itself or a plugin? The examples look that it's theme specific, just didn't know if I had to worry about the core files or not of wordpress.

    [Details moderated]

  2. esmi
    Forum Moderator
    Posted 1 year ago #

    It's not part of WordPress as far as I am aware.

  3. Manuel Schmalstieg
    Member
    Posted 1 year ago #

    Just cleaning up a compromized website. The Valums Uplaoder was located in themename/functions/jwpanel/scripts/valums_uploader/php.php

    It looks like this was used as an entry gate to upload malicious php files to the wp-uploads folder. Completely bypassing the wp-admin login area...

  4. esmi
    Forum Moderator
    Posted 1 year ago #

    That appears to have been part of your theme. Where did you download it from?

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags