CVE-2022-2046

Directorist - Business Directory Plugin < 7.2.3 - Admin+ Arbitrary File Upload

EPSS 0.8%CWE-434

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

08 ago 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations.

Productos afectados

Unknown · Directorist – WordPress Business Directory Plugin with Classified Ads Listings

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://plugins.trac.wordpress.org/changeset/2752034/directorist?contextall=1&old=2731298&old_path=%2Fdirectorist https://wpscan.com/vulnerability/03a04eab-be47-4195-af77-0df2a32eb807