The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages, and does not perform any authorization or csrf checks, allowing an unauthenticated attacker to upload arbitrary files including php source files, leading to possible remote code execution (RCE).
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/c330f92b-1e21-414f-b316-d5e97cb62bd1 | Exploit Third Party Advisory |
Configurations
History
16 Aug 2022, 18:00
Type | Values Removed | Values Added |
---|---|---|
First Time |
Greyd
Greyd greyd.suite |
|
References | (MISC) https://wpscan.com/vulnerability/c330f92b-1e21-414f-b316-d5e97cb62bd1 - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:greyd:greyd.suite:*:*:*:*:*:wordpress:*:* |
15 Aug 2022, 11:21
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-15 11:21
Updated : 2023-12-10 14:35
NVD link : CVE-2022-2180
Mitre link : CVE-2022-2180
CVE.ORG link : CVE-2022-2180
JSON object : View
Products Affected
greyd
- greyd.suite
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type