| |
Vulnerability CVE-2022-1939
Published: 2022-06-20
Description: |
The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to |
Type:
CWE-434 (Unrestricted Upload of File with Dangerous Type)
CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6.5/10 |
6.4/10 |
8/10 |
Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
https://wpscan.com/vulnerability/4d7b62e1-558b-4504-a6e2-78246a8b554f
|
|
|
Copyright 2024, cxsecurity.com
|
|
|