PT-2022-14204 · WordPress · Allow Svg Files

Luan Pedersini

Published

2022-06-20

Updated

2022-06-28

CVE-2022-1939

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Allow svg files WordPress plugin versions prior to 1.1

Description The issue concerns the improper validation of uploaded files, which could allow high-privilege users, such as administrators, to upload PHP files even when they are not supposed to. This could potentially lead to security breaches.

Recommendations For versions prior to 1.1, update to version 1.1 or later to resolve the issue. As a temporary workaround, consider restricting file upload permissions for high-privilege users until the update is applied.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2022-1939

Affected Products

Allow Svg Files

PT-2022-14204 · WordPress · Allow Svg Files

CVE-2022-1939

Weakness Enumeration

Related Identifiers

Affected Products

References · 4