Lucene search
WPScanCVE-2022-1540HistoryDec 05, 2022 - 5:15 p.m.
CVE-2022-1540
2022-12-0517:15:09
WPScan
web.nvd.nist.gov
37
cve-2022-1540
postmagthemes demo import
wordpress
plugin
validation
high-privilege users
arbitrary files
rce
nvd
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
43.0%
The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) leading to RCE.
Affected configurations
Node
postmagthemespostmagthemes_demo_importRange≤1.0.7wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| postmagthemes | postmagthemes_demo_import | * | cpe:2.3:a:postmagthemes:postmagthemes_demo_import:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "PostmagThemes Demo Import",
"collectionURL": "https://wordpress.org/plugins",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThanOrEqual": "1.0.7"
}
],
"defaultStatus": "affected"
}
]Related
prion
prion
Design/Logic Flaw
2022-12-05 17:15:00
nvd
nvd
CVE-2022-1540
2022-12-05 17:15:09
wpexploit
wpexploit
PostmagThemes Demo < 1.0.8 - Admin+ Arbitrary File Upload
2022-11-11 00:00:00
patchstack
patchstack
wpvulndb
wpvulndb
PostmagThemes Demo < 1.0.8 - Admin+ Arbitrary File Upload
2022-11-11 00:00:00
cvelist
cvelist
CVE-2022-1540 PostmagThemes Demo <= 1.0.7 - Admin+ Arbitrary File Upload
2022-12-05 16:50:37
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
43.0%
Related for CVE-2022-1540