Primary

Context

WordPress SpicePress Theme Cross-Site Request Forgery Vulnerability Allowing Web Shell Upload

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability exists in the WordPress SpicePress theme, specifically in versions through 2.3.2.5. This vulnerability allows attackers to trick users with higher privileges into uploading a web shell to the server, potentially leading to unauthorized access or control.

Impact

Exploitation of this vulnerability could enable a malicious actor to upload a web shell to the server, allowing for remote code execution.

Remediation

Users are advised to update the SpicePress theme to the latest version. If unable to update, consult with your hosting provider or web developer for assistance.

Added: Apr 8, 2026, 10:33 AM

Updated: Apr 8, 2026, 10:33 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.2

remediation

0.0

relevance

5.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.2

remediation

0.0

relevance

5.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WordPress SpicePress Theme Cross-Site Request Forgery Vulnerability Allowing Web Shell Upload

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating