Theme Demo Import WordPress plugin before 1.1.1 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/b19adf7c-3983-487b-9b46-0f2922b08c1c/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2024-01-16T15:50:34.551Z
Updated: 2024-01-16T15:50:50.652Z
Reserved: 2022-04-29T14:14:36.711Z
Link: CVE-2022-1538
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-16T16:15:09.437
Modified: 2024-01-19T19:51:17.537
Link: CVE-2022-1538
JSON object: View
Redhat Information
No data.
CWE