Vulnerability CVE-2022-0316


Published: 2023-01-23

Description:
The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, and bolster WordPress theme from ChimpStudio and PixFill do not have any authorisation or upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.

See advisories in our WLB2 database:
Topic: Wordpress Multiple themes - Unauthenticated Arbitrary File Upload (High)
Author: kill_the_net
Date: 12.02.2023

Type:
CWE-434 (Unrestricted Upload of File with Dangerous Type)

References:
https://wpscan.com/vulnerability/9ab3d6cf-aad7-41bc-9aae-dc5313f12f7c

Copyright 2024, cxsecurity.com

 
