The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/e39b59b0-f24f-4de5-a21c-c4de34c3a14f | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/e39b59b0-f24f-4de5-a21c-c4de34c3a14f | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 07:20
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/e39b59b0-f24f-4de5-a21c-c4de34c3a14f - Exploit, Third Party Advisory |
14 Dec 2022, 21:34
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-12 18:15
Updated : 2024-11-21 07:20
NVD link : CVE-2022-3921
Mitre link : CVE-2022-3921
CVE.ORG link : CVE-2022-3921
JSON object : View
Products Affected
themographics
- listingo
CWE
No CWE.