CVE-2022-4060

The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
odudeuser_post_gallery
𝑥
≤ 2.19
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/8f982ebd-6fc5-452d-8280-42e027d01b1e
https://wpscan.com/vulnerability/8f982ebd-6fc5-452d-8280-42e027d01b1e