CVE-2016-10954

9.8 CRITICAL

📋 TL;DR

CVE-2016-10954 is an unrestricted file upload vulnerability in the Neosense WordPress theme, versions before 1.8. The theme's qquploader component accepts uploads without authentication or effective file-type checks, so an attacker can place arbitrary files, including PHP web shells, on a site running the theme and then request them to gain code execution. Any WordPress installation with a vulnerable Neosense version installed and active is affected.

💻 Affected Systems

Products:
  • Neosense WordPress Theme
Versions: All versions before 1.8
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress with Neosense theme installed and active.


⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise leading to data theft, ransomware deployment, or website defacement through remote code execution.

🟠

Likely Case

Website defacement, malware distribution, or backdoor installation for persistent access.

🟢

If Mitigated

Limited impact with proper file type validation and execution restrictions in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward using publicly available proof-of-concept code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.8

Advisory (WPScan Vulnerability Database entry, not a vendor bulletin): https://wpvulndb.com/vulnerabilities/8622

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Appearance > Themes and note the Neosense version.
3. Update the Neosense theme to version 1.8 or later.
4. If no update is offered there (marketplace themes are often not distributed through the WordPress updater), obtain 1.8 or later from the theme vendor and replace the theme directory manually, keeping any child-theme customizations, then recheck the version shown under Appearance > Themes.

🔧 Temporary Workarounds

Workaround 1: Disable the qquploader functionality (platform: all)

Remove or disable the vulnerable qquploader component: delete qquploader.php from the Neosense theme directory (wp-content/themes/neosense/). This removes the upload endpoint entirely, so any theme feature that depends on it stops working; that is the trade-off until 1.8 is installed. Recheck after any theme reinstall or restore from backup, which can bring the file back.

Workaround 2: Implement file upload restrictions (platform: linux / Apache)

Add server-side file type validation and, independently of it, block execution of anything that has already been uploaded. The .htaccess rule for the uploads directory (and any other directory the uploader writes into, such as the theme directory itself) is:

AddHandler cgi-script .php .php3 .php4 .php5 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi

This maps the listed extensions to Apache's CGI handler; because ExecCGI is not enabled for that directory, requests for such files are refused with 403 instead of being passed to PHP, without deleting the files. Caveats: it only applies on Apache where AllowOverride permits FileInfo directives in .htaccess; nginx ignores .htaccess and needs an equivalent location rule that refuses to hand .php files under the upload paths to PHP-FPM; and the list should be extended to match every handler configured on the server (for example .php7 or .phar). Execution restrictions limit the damage of a successful upload; they do not close the upload itself.

🧯 If You Can't Patch

  • Switch to a different WordPress theme immediately
  • Implement web application firewall rules that block POST requests to the qquploader endpoint and any direct request for .php files under wp-content/uploads/, and alert on them rather than only dropping them

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Appearance > Themes for Neosense theme version. If version is below 1.8, system is vulnerable.

Check Version:

Check the Version: header in wp-content/themes/neosense/style.css; this is the value WordPress displays under Appearance > Themes and is authoritative. Some theme packages also ship a version.txt or changelog, which can be used as a cross-check but may not be updated.

Verify Fix Applied:

Confirm Neosense theme version is 1.8 or higher in WordPress admin panel.
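The checks above, as an added example that is not part of the advisory: a shell script that reads the Version: header from a theme directory's style.css, compares it against 1.8, and reports whether the qquploader.php file named in the workaround is still present. The theme header format is standard WordPress; the fixture directories are constructed here so the script runs offline, and the assumption that qquploader.php lives somewhere under the theme directory follows the workaround text.

```sh
#!/bin/sh
# Added example (not from the advisory): offline check of a Neosense theme
# directory. Reads the "Version:" header WordPress itself uses from style.css,
# compares it against 1.8, and reports whether the qquploader.php endpoint
# named in the workaround is still present. The fixture below is constructed.

# Print the theme version from style.css, or "unknown". Always returns 0.
neosense_version() {
  _style=$1/style.css
  if [ ! -r "$_style" ]; then echo unknown; return 0; fi
  _v=$(sed -n 's/^[[:space:]]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$_style" | head -n 1)
  printf '%s\n' "${_v:-unknown}"
}

# True (0) if dotted version $1 is strictly lower than $2, e.g. 1.7.2 < 1.8 < 1.10.
version_lt() {
  _a=$1 _b=$2
  while [ -n "$_a" ] || [ -n "$_b" ]; do
    _x=${_a%%.*} _y=${_b%%.*}
    case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
    case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
    [ "${_x:-0}" -lt "${_y:-0}" ] && return 0
    [ "${_x:-0}" -gt "${_y:-0}" ] && return 1
  done
  return 1
}

# One-line verdict for a theme directory: VULNERABLE / PATCHED / UNKNOWN,
# plus whether qquploader.php (assumed to sit somewhere under the theme
# directory, as the workaround implies) is still present.
assess_neosense() {
  _dir=$1
  _ver=$(neosense_version "$_dir")
  if [ "$_ver" = unknown ]; then _state=UNKNOWN
  elif version_lt "$_ver" 1.8; then _state=VULNERABLE
  else _state=PATCHED
  fi
  if [ -n "$(find "$_dir" -name qquploader.php 2>/dev/null | head -n 1)" ]; then _ep=present; else _ep=absent; fi
  echo "$_state version=$_ver qquploader.php=$_ep"
}

# Constructed fixture: a throwaway directory with a WordPress-style theme header.
make_sample_theme() {
  _d=$(mktemp -d)
  printf '/*\nTheme Name: Neosense\nVersion: %s\n*/\n' "$1" > "$_d/style.css"
  if [ "${2:-}" = with-uploader ]; then : > "$_d/qquploader.php"; fi
  echo "$_d"
}

# Demo. On a real host, point assess_neosense at wp-content/themes/neosense instead.
old=$(make_sample_theme 1.7.2 with-uploader)
new=$(make_sample_theme 1.8)
assess_neosense "$old"   # VULNERABLE version=1.7.2 qquploader.php=present
assess_neosense "$new"   # PATCHED version=1.8 qquploader.php=absent
rm -rf "$old" "$new"
```

The version comparison is done component by component rather than as a string, so 1.10 correctly sorts above 1.8; a PATCHED verdict with qquploader.php still present is worth a second look, since the file may have been restored from a backup of the old theme.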

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /wp-content/themes/neosense/ directories
  • POST requests to qquploader endpoints
  • PHP file execution from upload directories

Network Indicators:

  • HTTP POST requests containing file uploads to theme-specific endpoints
  • Unusual outbound connections from web server after file upload

SIEM Query:

source="web_server" AND (uri_path="*qquploader*" OR uri_path="*/wp-content/themes/neosense/*") AND http_method="POST"
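The log indicators and the SIEM query above, turned into a runnable awk pass over access-log lines as an added example (not part of the advisory). It flags POSTs to the qquploader endpoint or into the theme directory, flags direct requests for server-side scripts from upload locations, and correlates the two by client IP, which is the pattern of an upload followed by a web-shell call. The sample log lines are constructed, the combined log format is the Apache/nginx default, and the exact path /wp-content/themes/neosense/qquploader.php is an assumed location within the theme.

```sh
#!/bin/sh
# Added example (not from the advisory): detection logic for the indicators
# listed above, run over combined-format access log lines. Sample log is
# constructed; the qquploader.php path is an assumed location in the theme.

# Reads access-log lines on stdin, prints one alert per matching line.
detect_neosense_upload() {
  awk '
  {
    ip = $1; status = $9
    method = $6; sub(/^"/, "", method)     # strip the quote from "POST
    path = $7;   sub(/\?.*/, "", path)     # drop the query string
    if (method == "POST" && (path ~ /qquploader/ || path ~ /^\/wp-content\/themes\/neosense\//)) {
      # Rule 1: upload attempt via the vulnerable endpoint or into the theme tree
      uploaded[ip] = 1
      printf "UPLOAD_ATTEMPT %s %s %s\n", ip, path, status
    } else if (path ~ /^\/wp-content\/(uploads|themes\/neosense)\/.*\.(php|php[3-7]|phtml|phar)$/) {
      # Rule 2: a script fetched from an upload location; far stronger when the
      # same client just posted an upload (classic web-shell chain)
      printf "SCRIPT_EXEC %s %s %s%s\n", ip, path, status, ((ip in uploaded) ? " after-upload-by-same-ip" : "")
    }
  }'
}

# Constructed sample (combined log format). 203.0.113.5 uploads then calls a web
# shell; the other clients are benign noise that must not alert.
SAMPLE_LOG='203.0.113.5 - - [10/Mar/2017:12:01:02 +0000] "POST /wp-content/themes/neosense/qquploader.php HTTP/1.1" 200 45 "-" "python-requests/2.13.0"
203.0.113.5 - - [10/Mar/2017:12:01:05 +0000] "GET /wp-content/uploads/shell.php?cmd=id HTTP/1.1" 200 312 "-" "python-requests/2.13.0"
198.51.100.7 - - [10/Mar/2017:12:02:10 +0000] "GET /wp-content/themes/neosense/style.css HTTP/1.1" 200 8931 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2017:12:02:11 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2017:12:03:00 +0000] "GET /wp-content/uploads/2017/03/photo.jpg HTTP/1.1" 200 51234 "-" "Mozilla/5.0"'

# Convenience wrapper: scan a log held in a string. For a live file use
#   detect_neosense_upload < /var/log/apache2/access.log
scan_log_string() { printf '%s\n' "$1" | detect_neosense_upload; }

scan_log_string "$SAMPLE_LOG"
```

Rule 1 is the equivalent of the SIEM query; Rule 2 covers the "PHP file execution from upload directories" indicator, and the correlation tag is what separates an opportunistic scanner hitting the endpoint from a successful compromise. A 200 on a SCRIPT_EXEC line means the execution restriction from the workaround was not in place.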

