Vulnerability Description
The WeStand WordPress theme before 2.1 and the footysquare, aidreform, statfort, club-theme, kingclub-theme, spikes, spikes-black, soundblast and bolster WordPress themes from ChimpStudio and PixFill do not perform any authorisation or upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.
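A defender-side inventory check for the condition described above, as an added example that is not part of the original advisory or the vendors' code: it walks a WordPress tree for the listed themes, skips WeStand at 2.1 or later, and reports every lang_upload.php it finds. Using the theme names as directory slugs and reading the version from style.css are assumptions, and the sample tree is constructed.

```python
import re
import tempfile
from pathlib import Path

# Theme names come from the advisory; treating them as directory slugs under
# wp-content/themes is an assumption. Value = first fixed version, if any.
NAMES = ("footysquare aidreform statfort club-theme kingclub-theme "
         "spikes spikes-black soundblast bolster")
AFFECTED = {"westand": (2, 1), **dict.fromkeys(NAMES.split())}

def theme_version(theme_dir):
    """Parse the 'Version:' header of the theme's style.css, or None."""
    css = theme_dir / "style.css"
    if not css.is_file():
        return None
    m = re.search(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)",
                  css.read_text(errors="replace"), re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def find_exposed_themes(wp_root):
    """Return (slug, version, paths); an unknown version counts as affected."""
    findings = []
    themes = Path(wp_root) / "wp-content" / "themes"
    for slug, fixed in AFFECTED.items():
        tdir = themes / slug
        if not tdir.is_dir():
            continue
        ver = theme_version(tdir)
        if fixed is not None and ver is not None and ver >= fixed:
            continue
        hits = sorted(p.relative_to(tdir).as_posix() for p in tdir.rglob("lang_upload.php"))
        findings.append((slug, ver, hits))
    return findings

def build_sample_tree(root, westand_version="2.0"):
    """Constructed sample install; the file layout is invented for the demo."""
    themes = Path(root) / "wp-content" / "themes"
    for slug, rel in (("westand", "sub/lang_upload.php"),
                      ("bolster", "lang_upload.php"),
                      ("twentytwenty", "functions.php")):
        f = themes / slug / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_text("<?php // placeholder\n")
    (themes / "westand/style.css").write_text(f"/*\nVersion: {westand_version}\n*/\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(find_exposed_themes(tmp))
```

An affected theme is reported even when no lang_upload.php is found, so an empty path list means the theme is installed but the file has already been removed.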
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aidreform Project | Aidreform | - |
| Chimpgroup | Bolster | - |
| Chimpgroup | Spikes | - |
| Chimpgroup | Westand | < 2.1 |
| Club-Theme Project | Club-Theme | - |
| Footysquare Project | Footysquare | - |
| Pixfill | Kings Club | - |
| Soundblast Project | Soundblast | - |
| Spikes-Black Project | Spikes-Black | - |
| Statfort Project | Statfort | - |
References
- https://wpscan.com/vulnerability/9ab3d6cf-aad7-41bc-9aae-dc5313f12f7c (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-0316?
CVE-2022-0316 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress t...
How severe is CVE-2022-0316?
CVE-2022-0316 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-0316?
Check the references section above for vendor advisories and patch information. Affected products include: Aidreform Project Aidreform, Chimpgroup Bolster, Chimpgroup Spikes, Chimpgroup Westand, Club-Theme Project Club-Theme.