CVE-2022-3416

EUVD-2022-42793
The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
bravenewcodewptouch
𝑥
< 4.3.45
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/f927dbe0-3939-4882-a469-1309ac737ee6
https://wpscan.com/vulnerability/f927dbe0-3939-4882-a469-1309ac737ee6