CVE-2022-1103

EUVD-2022-24446
The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
advanced_uploader_projectadvanced_uploader
𝑥
≤ 4.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://wpscan.com/vulnerability/9ddeef95-7c7f-4296-a55b-fd3304c91c18
https://wpscan.com/vulnerability/9ddeef95-7c7f-4296-a55b-fd3304c91c18