4.9
CVE-2022-2046
- EPSS 0.76%
- Veröffentlicht 08.08.2022 14:15:08
- Zuletzt bearbeitet 21.11.2024 07:00:13
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginDirectorist - Business Directory Plugin < 7.2.3 - Admin+ Arbitrary File Upload
Directorist <= 7.2.2 - Authenticated (Admin+) Arbitrary File Upload
The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations.
Mögliche Gegenmaßnahme
Directorist: AI-Powered Business Directory, Listings & Classified Ads: Update to version 7.2.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wpwax ≫ Directorist SwPlatformwordpress Version < 7.2.3
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Directorist: AI-Powered Business Directory, Listings & Classified Ads
Version
*-7.2.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.76% | 0.506 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://plugins.trac.wordpress.org/changeset/2752034/directorist?contextall=1&old=2731298&old_path=%2Fdirectorist
https://wpscan.com/vulnerability/03a04eab-be47-4195-af77-0df2a32eb807
https://www.wordfence.com/threat-intel/vulnerabilities/id/9f52ec39-18d8-41eb-8712-7369680b8a58