CVE-2022-1777 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2022-1777?

CVE-2022-1777 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-1777?

Check the references section above for vendor advisories and patch information. Affected products include: Filr Project Filr.

Vulnerability Description

The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload arbitrary HTML files as well as delete all files or arbitrary ones.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Filr Project	Filr	< 1.2.2.1

Related Weaknesses (CWE)

CWE-862

References

https://wpscan.com/vulnerability/a50dc7f8-a9e6-41fa-a047-ad1c3bc309b4ExploitThird Party Advisory
https://wpscan.com/vulnerability/a50dc7f8-a9e6-41fa-a047-ad1c3bc309b4ExploitThird Party Advisory

FAQ

What is CVE-2022-1777?

CVE-2022-1777 is a vulnerability with a CVSS score of 8.8 (HIGH). The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected...

How severe is CVE-2022-1777?

CVE-2022-1777 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-1777?

Check the references section above for vendor advisories and patch information. Affected products include: Filr Project Filr.