8.8
CVE-2022-2356
- EPSS 0.78%
- Published 08.08.2022 14:15:08
- Last modified 23.06.2026 16:16:57
- Source contact@wpscan.com
User Private Files < 1.1.3 - Subscriber+ Arbitrary File Upload
Frontend File Manager & Sharing – User Private Files <= 1.1.2 - Subscriber+ Arbitrary File Upload
The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded.
Possible mitigation
Secure Client Portal and Private File Sharing Plugin – User Private Files: Update to version 1.1.3, or a newer patched version
Data provided by the National Vulnerability Database (NVD)
Mediajedi ≫ User Private Files (SwPlatform: wordpress), Version < 1.1.3
Further vulnerability information
System: WordPress Plugin ≫ Product: Secure Client Portal and Private File Sharing Plugin – User Private Files, Version: *-1.1.2
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.78% | 0.512 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 3.9 | 2.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://wpscan.com/vulnerability/67f3948e-27d4-47a8-8572-616143b9cf43
https://wpscan.com/vulnerability/67f3948e-27d4-47a8-8572-616143b9cf43/
https://www.wordfence.com/threat-intel/vulnerabilities/id/67ca3305-9a04-421f-a38e-66b69d2bbd38