4 matches found
CVE-2022-2046
The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite...
CVE-2022-2046 Directorist - Business Directory Plugin < 7.2.3 - Admin+ Arbitrary File Upload
The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite...
CVE-2022-2046 Directorist - Business Directory Plugin < 7.2.3 - Admin+ Arbitrary File Upload
The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite...
CVE-2022-2046
CVE-2022-2046 (Directorist WordPress plugin) affects WordPress Directorist plugin versions prior to 7.2.3. The vulnerability arises because the plugin allows administrators to download other plugins from the vendor directly to the site without validating the ZIP source URL domain, enabling potent...