CVE-2022-3921

EUVD-2022-43255
The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
themographicslistingo
𝑥
< 3.2.7
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/e39b59b0-f24f-4de5-a21c-c4de34c3a14f
https://wpscan.com/vulnerability/e39b59b0-f24f-4de5-a21c-c4de34c3a14f