CVE-2022-1788

Change Uploaded File Permissions <= 4.0.0 - File Permission Update via CSRF

EPSS 0.7%CWE-352

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

13 Jun 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this.

Affected products

Unknown · Change Uploaded File Permissions

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/c39719e5-dadd-4414-a96d-5e70a1e3d462