Vulnerability Description
The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Themographics | Listingo | < 3.2.7 |
References
- https://wpscan.com/vulnerability/e39b59b0-f24f-4de5-a21c-c4de34c3a14fExploitThird Party Advisory
- https://wpscan.com/vulnerability/e39b59b0-f24f-4de5-a21c-c4de34c3a14fExploitThird Party Advisory
FAQ
What is CVE-2022-3921?
CVE-2022-3921 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE
How severe is CVE-2022-3921?
CVE-2022-3921 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-3921?
Check the references section above for vendor advisories and patch information. Affected products include: Themographics Listingo.