WordPress theme publisher DynamicPress fixed a flaw Monday that let anyone upload malicious files to sites running its business-themed Neosense WordPress templates, compromise the site and possibly the server hosting it.
Walter Hop, security researcher with Netherlands-based company, Slik, made the discovery last week. The flaw impacts version 1.7 of the Neosense theme. On Monday, DynamicPress released a 1.8 version update that patches the vulnerability. Hop publicly disclosed the vulnerability Monday.