CVE-2022-3921 Listingo < 3.2.7 - Unauthenticated Arbitrary File Upload

2022-12-12 17:57:09
WPScan
www.cve.org

Tags: cve-2022-3921, listingo, wordpress, unauthenticated, file upload, rce

AI Score: 9.8 (Confidence: High)

EPSS: 0.003 (Percentile: 71.1%)

The Listingo WordPress theme before 3.2.7 does not validate files uploaded via an AJAX action that is available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Listingo",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "3.2.7"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
