The WeStand WordPress theme before 2.1, and the footysquare, aidreform, statfort, club-theme, kingclub-theme, spikes, spikes-black, soundblast, and bolster WordPress themes from ChimpStudio and PixFill, do not perform any authorisation or upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/9ab3d6cf-aad7-41bc-9aae-dc5313f12f7c | Exploit Third Party Advisory |
History
07 Nov 2023, 03:41
Type | Values Removed | Values Added |
---|---|---|
CWE |
31 Jan 2023, 18:30
Type | Values Removed | Values Added |
---|---|---|
First Time | Chimpgroup westand Footysquare Project footysquare Spikes-black Project spikes-black Chimpgroup bolster Pixfill kings Club Club-theme Project Aidreform Project Aidreform Project aidreform Chimpgroup spikes Spikes-black Project Footysquare Project Club-theme Project club-theme Soundblast Project soundblast Statfort Project statfort Soundblast Project Statfort Project Pixfill Chimpgroup | |
References | (MISC) https://wpscan.com/vulnerability/9ab3d6cf-aad7-41bc-9aae-dc5313f12f7c - Exploit, Third Party Advisory | |
CVSS | v2 : v3 : | v2 : unknown v3 : 9.8 |
CPE | cpe:2.3:a:chimpgroup:bolster:-:*:*:*:*:wordpress:*:* cpe:2.3:a:chimpgroup:spikes:-:*:*:*:*:wordpress:*:* cpe:2.3:a:spikes-black_project:spikes-black:-:*:*:*:*:wordpress:*:* cpe:2.3:a:aidreform_project:aidreform:-:*:*:*:*:wordpress:*:* cpe:2.3:a:chimpgroup:westand:*:*:*:*:*:wordpress:*:* cpe:2.3:a:pixfill:kings_club:-:*:*:*:*:wordpress:*:* cpe:2.3:a:soundblast_project:soundblast:-:*:*:*:*:wordpress:*:* cpe:2.3:a:footysquare_project:footysquare:-:*:*:*:*:wordpress:*:* cpe:2.3:a:club-theme_project:club-theme:-:*:*:*:*:wordpress:*:* cpe:2.3:a:statfort_project:statfort:-:*:*:*:*:wordpress:*:* |
23 Jan 2023, 17:17
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-23 15:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-0316
Mitre link : CVE-2022-0316
CVE.ORG link : CVE-2022-0316
Products Affected
club-theme_project
- club-theme
chimpgroup
- spikes
- bolster
- westand
pixfill
- kings_club
spikes-black_project
- spikes-black
aidreform_project
- aidreform
statfort_project
- statfort
soundblast_project
- soundblast
footysquare_project
- footysquare
CWE
No CWE.