Lucene search
HistoryJan 16, 2024 - 4:15 p.m.
CVE-2022-1538
cve-2022-1538
theme demo import
wordpress plugin
file upload vulnerability
admin privilege escalation
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
19.4%
Theme Demo Import WordPress plugin before 1.1.1 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed.
Affected configurations
Node
themelytheme_demo_importRange<1.1.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| themely | theme_demo_import | * | cpe:2.3:a:themely:theme_demo_import:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Theme Demo Import",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "1.1.1"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpexploit
wpexploit
Theme-Demo-Importer < 1.1.1 - Admin+ Arbitrary File Upload
2022-11-08 00:00:00
prion
prion
Design/Logic Flaw
2024-01-16 16:15:00
nvd
nvd
CVE-2022-1538
2024-01-16 16:15:09
cvelist
cvelist
CVE-2022-1538 Theme-Demo-Importer < 1.1.1 - Admin+ Arbitrary File Upload
2024-01-16 15:50:34
wpvulndb
wpvulndb
Theme-Demo-Importer < 1.1.1 - Admin+ Arbitrary File Upload
2022-11-08 00:00:00
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
19.4%
Related for CVE-2022-1538