Lucene search

[email protected]NVD:CVE-2022-3416

HistoryJan 09, 2023 - 11:15 p.m.

CVE-2022-3416

2023-01-0923:15:26

[email protected]

web.nvd.nist.gov

wptouch

wordpress

plugin

image validation

high privilege users

arbitrary files

server vulnerability

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

36.8%

JSON

The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)

Affected configurations

NVD

Node

bravenewcodewptouchRange<4.3.45wordpress

References

wpscan.com/vulnerability/f927dbe0-3939-4882-a469-1309ac737ee6

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

36.8%

JSON

Related for NVD:CVE-2022-3416

cvelist1 cve1 prion1 openvas1 fedora4