CVE-2022-0316

Published: Jan 23, 2023Modified: Apr 3, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from ChimpStudio and PixFill does not have any authorisation and upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.

Affected (10)

Products: Aidreform Project: Aidreform · Chimpgroup: Bolster, Spikes, Westand · Club Theme Project: Club Theme · +5 more

Show all products

Aidreform Project: Aidreform · Chimpgroup: Bolster, Spikes, Westand · Club Theme Project: Club Theme · Footysquare Project: Footysquare · Pixfill: Kings Club · Soundblast Project: Soundblast · Spikes Black Project: Spikes Black · Statfort Project: Statfort

1 product

3 products

1 product

1 product

1 product

1 product

1 product

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Aidreform Project Aidreform	All versions
Chimpgroup Bolster	All versions
Chimpgroup Spikes	All versions
Chimpgroup Westand	Before 2.1
Club Theme Project Club Theme	All versions
Footysquare Project Footysquare	All versions
Pixfill Kings Club	All versions
Soundblast Project Soundblast	All versions
Spikes Black Project Spikes Black	All versions
Statfort Project Statfort	All versions

References (2)

https://wpscan.com/vulnerability/9ab3d6cf-aad7-41bc-9aae-dc5313f12f7c

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/9ab3d6cf-aad7-41bc-9aae-dc5313f12f7c

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.