Lucene search
HistoryJan 09, 2023 - 11:15 p.m.
CVE-2022-3416
wptouch
wordpress
plugin
image validation
high privilege users
arbitrary files
server vulnerability
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
43.3%
The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
Affected configurations
Node
bravenewcodewptouchRange<4.3.45wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| bravenewcode | wptouch | * | cpe:2.3:a:bravenewcode:wptouch:*:*:*:*:*:wordpress:*:* |
Related
cvelist
cvelist
CVE-2022-3416 WPtouch < 4.3.45 - Admin+ Arbitrary File Upload
2023-01-09 22:13:28
prion
prion
Design/Logic Flaw
2023-01-09 23:15:00
cve
cve
CVE-2022-3416
2023-01-09 23:15:26
openvas
openvas
WordPress WPtouch Plugin < 4.3.45 Multiple Vulnerabilities
2023-04-20 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: java-11-openjdk-11.0.16.0.8-1.fc35
2022-08-03 01:49:35
[SECURITY] Fedora 36 Update: java-1.8.0-openjdk-1.8.0.342.b07-1.fc36
2022-08-03 01:27:52
[SECURITY] Fedora 36 Update: java-11-openjdk-11.0.16.0.8-1.fc36
2022-08-03 01:27:36
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
43.3%
Related for NVD:CVE-2022-3416