Interference Security reports Arbitrary File Download and File Deletion Exploit
About the Theme
Persuasion is a popular them theme sold by “MySiteMyWay.com”
About the Vulnerabilities
The file exposing the vulnerability is /wp-content/themes/persuasion/lib/scripts/dl-skin.php.
Using the file the attacker can download any file accessible to the web browser from the server. Should the file be writeable, the file can be deleted. This can cause major damage to the installations.
Remove theme until update is available.
Version: 2.0, 2.3