CVE-2022-1788

Published: Jun 13, 2022Modified: Jun 17, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this.

Affected (1)

Products: Change Uploaded File Permissions Project: Change Uploaded File Permissions

Change Uploaded File Permissions Project

1 product

Change Uploaded File Permissions

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Change Uploaded File Permissions Project Change Uploaded File Permissions	Up to 4.0.0

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://wpscan.com/vulnerability/c39719e5-dadd-4414-a96d-5e70a1e3d462

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/c39719e5-dadd-4414-a96d-5e70a1e3d462

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.