Lucene search
HistoryDec 05, 2022 - 5:15 p.m.
CVE-2022-1540
postmagthemes demo import
wordpress
plugin
arbitrary files
rce
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
43.0%
The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) leading to RCE.
Affected configurations
Node
postmagthemespostmagthemes_demo_importRange≤1.0.7wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| postmagthemes | postmagthemes_demo_import | * | cpe:2.3:a:postmagthemes:postmagthemes_demo_import:*:*:*:*:*:wordpress:*:* |
Related
cve
cve
CVE-2022-1540
2022-12-05 17:15:09
prion
prion
Design/Logic Flaw
2022-12-05 17:15:00
wpexploit
wpexploit
PostmagThemes Demo < 1.0.8 - Admin+ Arbitrary File Upload
2022-11-11 00:00:00
patchstack
patchstack
wpvulndb
wpvulndb
PostmagThemes Demo < 1.0.8 - Admin+ Arbitrary File Upload
2022-11-11 00:00:00
cvelist
cvelist
CVE-2022-1540 PostmagThemes Demo <= 1.0.7 - Admin+ Arbitrary File Upload
2022-12-05 16:50:37
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
43.0%
Related for NVD:CVE-2022-1540