Lucene search
HistoryDec 05, 2022 - 5:15 p.m.
CVE-2022-1540
cve-2022-1540
postmagthemes demo import
wordpress
plugin
validation
high-privilege users
arbitrary files
rce
nvd
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
43.0%
The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) leading to RCE.
Affected configurations
Node
postmagthemespostmagthemes_demo_importRange≤1.0.7
| Vendor | Product | Version | CPE |
|---|---|---|---|
| postmagthemes | postmagthemes_demo_import | * | cpe:2.3:a:postmagthemes:postmagthemes_demo_import:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "PostmagThemes Demo Import",
"collectionURL": "https://wordpress.org/plugins",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThanOrEqual": "1.0.7"
}
],
"defaultStatus": "affected"
}
]Related
patchstack
patchstack
prion
prion
Design/Logic Flaw
2022-12-05 17:15:00
wpexploit
wpexploit
PostmagThemes Demo < 1.0.8 - Admin+ Arbitrary File Upload
2022-11-11 00:00:00
nvd
nvd
CVE-2022-1540
2022-12-05 17:15:09
wpvulndb
wpvulndb
PostmagThemes Demo < 1.0.8 - Admin+ Arbitrary File Upload
2022-11-11 00:00:00
cvelist
cvelist
CVE-2022-1540 PostmagThemes Demo <= 1.0.7 - Admin+ Arbitrary File Upload
2022-12-05 16:50:37
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
43.0%
Related for CVE-2022-1540