Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2022-2046
HistoryAug 08, 2022 - 1:46 p.m.

CVE-2022-2046 Directorist - Business Directory Plugin < 7.2.3 - Admin+ Arbitrary File Upload

2022-08-0813:46:03
CWE-434
WPScan
www.cve.org
2
cve-2022-2046
directorist
business directory plugin
admin+ arbitrary file upload
wordpress
multisite configurations.

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations.

CNA Affected

[
  {
    "product": "Directorist – WordPress Business Directory Plugin with Classified Ads Listings",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "7.2.3",
        "status": "affected",
        "version": "7.2.3",
        "versionType": "custom"
      }
    ]
  }
]

Related

nvd 1
wpvulndb 1
prion 1
cve 1
wpexploit 1
patchstack 1
nvd
nvd
CVE-2022-2046
2022-08-08 14:15:08
wpvulndb
wpvulndb
Directorist - Business Directory Plugin < 7.2.3 - Admin+ Arbitrary File Upload
2022-07-18 00:00:00
prion
prion
Code injection
2022-08-08 14:15:00
cve
cve
CVE-2022-2046
2022-08-08 14:15:08
wpexploit
wpexploit
Directorist - Business Directory Plugin < 7.2.3 - Admin+ Arbitrary File Upload
2022-07-18 00:00:00
patchstack
patchstack
WordPress Directorist plugin <= 7.2.2 - Authenticated Arbitrary File Upload vulnerability
2022-07-18 00:00:00

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON
Related for CVELIST:CVE-2022-2046
nvd1wpvulndb1prion1cve1wpexploit1patchstack1