CVE-2022-0316

Description

The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from ChimpStudio and PixFill does not have any authorisation and upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.

Related CPE's

achimpgroupwestand*****wordpress**

achimpgroupbolster-****wordpress**

asoundblast_projectsoundblast-****wordpress**

aspikes-black_projectspikes-black-****wordpress**

achimpgroupspikes-****wordpress**

apixfillkings_club-****wordpress**

aclub-theme_projectclub-theme-****wordpress**

astatfort_projectstatfort-****wordpress**

aaidreform_projectaidreform-****wordpress**

afootysquare_projectfootysquare-****wordpress**

References

https://wpscan.com/vulnerability/9ab3d6cf-aad7-41bc-9aae-dc5313f12f7c

ExploitThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io