CVE-2022-2180

The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages, and does not perform any authorization or csrf checks, allowing an unauthenticated attacker to upload arbitrary files including php source files, leading to possible remote code execution (RCE).
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:greyd:greyd.suite:*:*:*:*:*:wordpress:*:*

History

16 Aug 2022, 18:00

Type Values Removed Values Added
First Time Greyd
Greyd greyd.suite
References (MISC) https://wpscan.com/vulnerability/c330f92b-1e21-414f-b316-d5e97cb62bd1 - (MISC) https://wpscan.com/vulnerability/c330f92b-1e21-414f-b316-d5e97cb62bd1 - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:greyd:greyd.suite:*:*:*:*:*:wordpress:*:*

15 Aug 2022, 11:21

Type Values Removed Values Added
New CVE

Information

Published : 2022-08-15 11:21

Updated : 2023-12-10 14:35


NVD link : CVE-2022-2180

Mitre link : CVE-2022-2180

CVE.ORG link : CVE-2022-2180


JSON object : View

Products Affected

greyd

  • greyd.suite
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type