Security vulnerability in older Mantra versions

It has come to our attention that there’s a security vulnerability in older Mantra versions.

The affected versions are 1.7.7 to 1.8.9.1. No other versions are affected.

If you are running any of these versions, please update as soon as possible.

The vulnerability could allow an attacker to upload a malformed image file to the mantra/uploads folder and potentially execute arbitrary code on the server.

If you are unable to update due to various modifications/customizations you have performed on the theme, delete the mantra/admin/upload-file.php file to remove the vulnerability. (Note that this will prevent you from changing your favicon image in the future.)

In both cases, also check the files in mantra/uploads folder and make sure your installation hasn’t been compromised. If you find any suspicious files:

  • non-image files
  • image files which you do not remember uploading
  • weirdly named image files
  • image files with double extensions

delete them immediately, and check your entire hosting account / server to make sure no other files have been compromised.
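The checks listed above can be partly automated. The following Python script is an added example, not code from the Mantra theme or its authors: it flags non-image files, double extensions, and files whose content does not match their image extension. The extension allow-list, the PHP open tag heuristic and the script name are assumptions.

```python
import sys
import time
from pathlib import Path

# Leading bytes of common web image formats (assumed allow-list, adjust to taste).
MAGIC = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".ico": [b"\x00\x00\x01\x00"],
}

def audit_file(path: Path) -> list[str]:
    """Return the reasons one file looks suspicious (empty list: nothing found)."""
    reasons = []
    suffixes = [s.lower() for s in path.suffixes]
    ext = suffixes[-1] if suffixes else ""
    data = path.read_bytes()
    if ext not in MAGIC:
        reasons.append("non-image file")
    elif not any(data.startswith(sig) for sig in MAGIC[ext]):
        reasons.append("content does not match extension")
    if len(suffixes) > 1:
        reasons.append("double extension")
    # Heuristic only: a PHP open tag has no business inside an uploaded image.
    if b"<?php" in data.lower():
        reasons.append("contains PHP open tag")
    return reasons

def audit_uploads(folder: str) -> dict[str, list[str]]:
    """Map each suspicious file (path relative to folder) to its reasons."""
    findings = {}
    for path in sorted(Path(folder).rglob("*")):
        if path.is_file():
            reasons = audit_file(path)
            if reasons:
                findings[str(path.relative_to(folder))] = reasons
    return findings

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_uploads.py /path/to/mantra/uploads")
    for name, reasons in audit_uploads(sys.argv[1]).items():
        mtime = time.ctime((Path(sys.argv[1]) / name).stat().st_mtime)
        print(f"{name}  (modified {mtime}): {', '.join(reasons)}")
```

Files that pass these checks still need a manual look at their names and modification dates, since unfamiliar or oddly named images cannot be identified automatically.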

 

Mantra is a clean, highly customizable and totally free WordPress theme. For more info check out the theme's page.

7 Comments

  1. I have 1992 version of Mantra and I am having all sorts of weird trouble with it. One of which… I changed a list of categories to articles Side header… saved the changes on the dashboard, listed the articles, published the articles and it won’t appear on the list on front page. My deleted list deleted, but the one I put in its place won’t appear. Now when I put in a new post it comes on front page as well, in place of featured article. A default was set up to appear when I didn’t categorize an article. I need to change that. Went in, changed it, saved changes and it goes right back to automatic category and it won’t let me change that. It seems I cannot change much of anything. This version has been a sore disappointment. Don’t know what to do. Do you think I could have the same trouble with this version as well?
