CVE-2022-3921

The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
themographicslistingo
𝑥
< 3.2.7
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/e39b59b0-f24f-4de5-a21c-c4de34c3a14f
https://wpscan.com/vulnerability/e39b59b0-f24f-4de5-a21c-c4de34c3a14f