CVE-2022-0316

Published: Jan 23, 2023

Modified: Apr 3, 2025

PUBLISHED

Description

The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from ChimpStudio and PixFill does not have any authorisation and upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.

Vendor	Product	Versions
Unknown	WeStand	affected `0 - < 2.1`
Unknown	footysquare	affected `0 - <= *`
Unknown	aidreform	affected `0 - <= *`
Unknown	statfort	affected `0 - <= *`
Unknown	club-theme	affected `0 - <= *`
Unknown	kingclub-theme	affected `0 - <= *`
Unknown	spikes	affected `0 - <= *`
Unknown	spikes-black	affected `0 - <= *`
Unknown	soundblast	affected `0 - <= *`
Unknown	bolster	affected `0 - <= *`

References

https://wpscan.com/vulnerability/9ab3d6cf-aad7-41bc-9aae-dc5313f12f7c

exploit

vdb-entry

technical-description

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-0316

Description

Affected Products

References