Lucene search
HistoryJan 16, 2024 - 4:15 p.m.
CVE-2022-1538
wordpress
plugin
vulnerability
arbitrary file uploads
high-privilege users
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
19.4%
Theme Demo Import WordPress plugin before 1.1.1 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed.
Affected configurations
Node
themelytheme_demo_importRange<1.1.1wordpress
Related
cve
cve
CVE-2022-1538
2024-01-16 16:15:09
wpexploit
wpexploit
Theme-Demo-Importer < 1.1.1 - Admin+ Arbitrary File Upload
2022-11-08 00:00:00
cvelist
cvelist
CVE-2022-1538 Theme-Demo-Importer < 1.1.1 - Admin+ Arbitrary File Upload
2024-01-16 15:50:34
wpvulndb
wpvulndb
Theme-Demo-Importer < 1.1.1 - Admin+ Arbitrary File Upload
2022-11-08 00:00:00
prion
prion
Design/Logic Flaw
2024-01-16 16:15:00
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
19.4%
Related for NVD:CVE-2022-1538