• Home
  • About Us
  • Authors
  • Submit News
  • Contact Us
  • Privacy Policy
  • Sitemap
The Hack Post
  • Hacking News
    • Cyber Crime
  • Cyber Security
  • Technology
    • Internet
  • Entertainment
    • Gaming
  • Business
  • Science / Health
No Result
View All Result
The Hack Post
No Result
View All Result

WordPress Theme “dance-studio” Vulnerable to Arbitrary Shell Upload

Afrasiab Khan by Afrasiab Khan
February 14, 2017
Wordpress Theme "dance-studio" Vulnerable to Arbitrary Shell Upload
Share on FacebookShare on Twitter

A vulnerability in the WordPress theme “dance-studio” has been discovered allowing attackers to upload malicious files like a shell, onto the targeted website. The exploit was posted to the exploit database, “0.day.today?” and has been authored by a security analyst going by the alias of xBADGIRL21. The exploit when used uploads a shell file onto the website through the “/wp-content/uploads/” directory path.

Screenshot of full exploit uploaded onto 0day.today? exploit database by xBADGIRL21
Screenshot of full exploit uploaded onto 0day.today? exploit database by xBADGIRL21

xBADGIRL21 also uploaded a YouTube video showing proof as to how the exploit can be used to breach WordPress websites who have the theme installed. The exploit runs a html script that grants permission to the hacker to upload any file they desire.

Video proof of concept (PoC) of the exploitation of the vulnerability uploaded to YouTube by author xBADGIRL21:

Code used to upload the shell onto the dance-studio themed WordPress website:

Screenshot of html code of the exploit
Screenshot of html code of the exploit

WordPress itself has nothing to do with the bugs found. It is solely an issue with the code the programmers of the theme have implemented. The theme creators and coders are not yet aware of the exploit as of yet since no patch has been made or deployed. The creators of the dance-studio theme have not addressed the critical vulnerability as of yet either.

Tags: WordpressWordpress Theme
Afrasiab Khan

Afrasiab Khan

A newbie writer at The Hack Post. Completely in love with technology. Writing has always been a passion of mine and so is hacking. Combine them together and you get me. A bit of experience in the fields of cyber security and looking to expand on that in the times to come. As a student of Engineering, being an author at The Hack Post helps me cope with the stress that comes with that.

Next Post
UK Police Website Hacked

UK Police Website Hacked by Turkish Hackers

Latest Articles

Startup expansion strategy for entering the US market, global business growth concept
Business

Graham R Taylor: How a Startup Knows It Is Ready to Enter the U.S. Market

July 10, 2026
Image 1 of Why Multi-Flavor Disposable Vapes Become Popular Among German and Spanish Vapers
Business

Why Multi-Flavor Disposable Vapes Become Popular Among German and Spanish Vapers

July 7, 2026
Image 1 of How Real-Time Technology Enhances the Online Gaming Experience
Gaming

How Real-Time Technology Enhances the Online Gaming Experience

July 1, 2026
Image 1 of Here are ten ways to improve your personal security in crypto, from the basics everyone should follow to the steps that matter most if you’re a public investor, founder, or executive.
Cyber Security

10 Ways to Improve Your Personal Security in Crypto

June 28, 2026
Image 1 of Best Video Face Swap AI Tools in 2026: 8 Platforms Compared for Realistic Face Swapping
Business

Best Video Face Swap AI Tools in 2026: 8 Platforms Compared for Realistic Face Swapping

June 28, 2026
Insurance risk assessment concept with documents, charts, and coverage policy on a desk
Business

Eric Poe: Understanding Insurance Risk Assessment and Its Role in Fair Coverage

June 26, 2026
Wooden garden fence with lush greenery, showcasing popular garden fencing design and materials
Business

Key Considerations When Building Garden Fencing

June 25, 2026
Image 1 of Growing Smarter & Faster with Outsourced Accounting and HR Services
Business

Growing Smarter & Faster with Outsourced Accounting and HR Services

June 23, 2026
Image 1 of Site: http://thehackpost.com
Business

How Does Sustainability Management Improve Business Performance and Profitability?

June 22, 2026
Modern air conditioner and ceiling fan in a bright living room for effective summer cooling solutions
Featured

Cooling Solutions for a Refreshing Summer

June 21, 2026
TradeQuo platform interface showcasing crypto trading features and broker award recognition
Business

TradeQuo: What a Fast-Growing Crypto Broker Award Tells Traders About the Platform

June 17, 2026
Conceptual graphic illustrating data breach monitoring and exposure intelligence solutions for businesses
Cyber Security

HIBP Alternatives for Businesses: Moving From Breach Lookup to Exposure Intelligence

June 16, 2026
  • Home
  • About Us
  • Authors
  • Submit News
  • Contact Us
  • Privacy Policy
  • Sitemap

The Hack Post © 2019

No Result
View All Result
  • Hacking News
    • Cyber Crime
  • Cyber Security
  • Technology
    • Internet
  • Entertainment
    • Gaming
  • Business
  • Science / Health

The Hack Post © 2019