PT-2023-12626 · WordPress · Club-Theme+9

Joshua Small · Published 2023-01-23 · Updated 2023-01-31 · CVE-2022-0316

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WeStand WordPress theme versions prior to 2.1
footysquare WordPress theme
aidreform WordPress theme
statfort WordPress theme
club-theme WordPress theme
kingclub-theme WordPress theme
spikes WordPress theme
spikes-black WordPress theme
soundblast WordPress theme
bolster WordPress theme

Description

The lang upload.php file lacks both authorization checks and upload validation, so any unauthenticated attacker can upload arbitrary files to the web server. Because no access control is enforced, this enables potential malicious activities.

Recommendations

For the WeStand WordPress theme prior to version 2.1, update to version 2.1 or later.

For the footysquare, aidreform, statfort, club-theme, kingclub-theme, spikes, spikes-black, soundblast, and bolster WordPress themes, consider disabling the lang upload.php file until a patch is available, to prevent unauthorized file uploads.

Related identifiers

CVE-2022-0316

Affected products

Westand
Aidreform
Bolster
Club-Theme
Footysquare
Kingclub-Theme
Soundblast
Spikes
Spikes-Black
Statfort