Lucene search

WPScanCVE-2022-0316

HistoryJan 23, 2023 - 3:15 p.m.

CVE-2022-0316

2023-01-2315:15:13

WPScan

web.nvd.nist.gov

cve-2022-0316

wordpress

theme

file upload

vulnerability

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.004

Percentile

73.1%

JSON

The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from ChimpStudio and PixFill does not have any authorisation and upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.

Affected configurations

Nvd

Vulners

Node

aidreform_projectaidreformMatch-wordpress

chimpgroupbolsterMatch-wordpress

chimpgroupspikesMatch-wordpress

chimpgroupwestandRange<2.1wordpress

club-theme_projectclub-themeMatch-wordpress

footysquare_projectfootysquareMatch-wordpress

pixfillkings_clubMatch-wordpress

soundblast_projectsoundblastMatch-wordpress

spikes-black_projectspikes-blackMatch-wordpress

statfort_projectstatfortMatch-wordpress

VendorProductVersionCPE
aidreform_projectaidreform-cpe:2.3:a:aidreform_project:aidreform:-:*:*:*:*:wordpress:*:*
chimpgroupbolster-cpe:2.3:a:chimpgroup:bolster:-:*:*:*:*:wordpress:*:*
chimpgroupspikes-cpe:2.3:a:chimpgroup:spikes:-:*:*:*:*:wordpress:*:*
chimpgroupwestand*cpe:2.3:a:chimpgroup:westand:*:*:*:*:*:wordpress:*:*
club-theme_projectclub-theme-cpe:2.3:a:club-theme_project:club-theme:-:*:*:*:*:wordpress:*:*
footysquare_projectfootysquare-cpe:2.3:a:footysquare_project:footysquare:-:*:*:*:*:wordpress:*:*
pixfillkings_club-cpe:2.3:a:pixfill:kings_club:-:*:*:*:*:wordpress:*:*
soundblast_projectsoundblast-cpe:2.3:a:soundblast_project:soundblast:-:*:*:*:*:wordpress:*:*
spikes-black_projectspikes-black-cpe:2.3:a:spikes-black_project:spikes-black:-:*:*:*:*:wordpress:*:*
statfort_projectstatfort-cpe:2.3:a:statfort_project:statfort:-:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
aidreform_project	aidreform	-	cpe:2.3:a:aidreform_project:aidreform:-:::::wordpress::
chimpgroup	bolster	-	cpe:2.3:a:chimpgroup:bolster:-:::::wordpress::
chimpgroup	spikes	-	cpe:2.3:a:chimpgroup:spikes:-:::::wordpress::
chimpgroup	westand	*	cpe:2.3:a:chimpgroup:westand::::::wordpress::*
club-theme_project	club-theme	-	cpe:2.3:a:club-theme_project:club-theme:-:::::wordpress::
footysquare_project	footysquare	-	cpe:2.3:a:footysquare_project:footysquare:-:::::wordpress::
pixfill	kings_club	-	cpe:2.3:a:pixfill:kings_club:-:::::wordpress::
soundblast_project	soundblast	-	cpe:2.3:a:soundblast_project:soundblast:-:::::wordpress::
spikes-black_project	spikes-black	-	cpe:2.3:a:spikes-black_project:spikes-black:-:::::wordpress::
statfort_project	statfort	-	cpe:2.3:a:statfort_project:statfort:-:::::wordpress::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WeStand",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "2.1"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "footysquare",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "*"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "Unknown",
    "product": "aidreform",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "*"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "Unknown",
    "product": "statfort",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "*"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "Unknown",
    "product": "club-theme",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "*"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "Unknown",
    "product": "kingclub-theme",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "*"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "Unknown",
    "product": "spikes",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "*"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "Unknown",
    "product": "spikes-black",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "*"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "Unknown",
    "product": "soundblast",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "*"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "Unknown",
    "product": "bolster",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "*"
      }
    ],
    "defaultStatus": "affected"
  }
]