CVE-2022-0316

23.01.2023, 15:15

The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from ChimpStudio and PixFill does not have any authorisation and upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
WPScan	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Vendor	Product	Version
aidreform_project	aidreform	-
chimpgroup	bolster	-
chimpgroup	spikes	-
chimpgroup	westand	𝑥 < 2.1
club-theme_project	club-theme	-
footysquare_project	footysquare	-
pixfill	kings_club	-
soundblast_project	soundblast	-
spikes-black_project	spikes-black	-
statfort_project	statfort	-

𝑥

= Vulnerable software versions

Known Exploits!

References

https://wpscan.com/vulnerability/9ab3d6cf-aad7-41bc-9aae-dc5313f12f7c