← Zuruck zu CVEs
CVE-2022-3921
CRITICAL9.8
Beschreibung
The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht12/12/2022
Zuletzt geandert4/22/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
themographics:listingo
Referenzen
https://wpscan.com/vulnerability/e39b59b0-f24f-4de5-a21c-c4de34c3a14f(contact@wpscan.com)
https://wpscan.com/vulnerability/e39b59b0-f24f-4de5-a21c-c4de34c3a14f(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.