Lucene search
HistoryJan 16, 2023 - 4:15 p.m.
CVE-2022-4060
user post gallery
wordpress
plugin
unauthenticated visitors
arbitrary code
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.5
Confidence
High
EPSS
0.385
Percentile
97.3%
The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it.
Affected configurations
Node
odudeuser_post_galleryRange≤2.19wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| odude | user_post_gallery | * | cpe:2.3:a:odude:user_post_gallery:*:*:*:*:*:wordpress:*:* |
Related
cve
cve
CVE-2022-4060
2023-01-16 16:15:11
CVE-2023-0039
2023-01-03 15:15:10
cvelist
cvelist
CVE-2022-4060 User Post Gallery <= 2.19 - Unauthenticated RCE
2023-01-16 15:38:05
prion
prion
Code injection
2023-01-16 16:15:00
Open redirect
2023-01-03 15:15:00
githubexploit
githubexploit
Exploit for CVE-2022-4060
2023-09-15 21:38:47
wpvulndb
wpvulndb
User Post Gallery <= 2.19 - Unauthenticated RCE
2022-12-23 00:00:00
nuclei
nuclei
WordPress User Post Gallery <=2.19 - Remote Code Execution
2023-03-05 13:42:10
wpexploit
wpexploit
User Post Gallery <= 2.19 - Unauthenticated RCE
2022-12-23 00:00:00
nvd
nvd
CVE-2023-0039
2023-01-03 15:15:10
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.5
Confidence
High
EPSS
0.385
Percentile
97.3%
Related for NVD:CVE-2022-4060