PT-2022-19176 · WordPress · Givewp
Rafie Muhammad · Published 2022-07-21 · Updated 2022-07-25
CVE-2022-28700
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
GiveWP plugin versions <= 2.20.2
Description
The GiveWP plugin for WordPress contains an authenticated arbitrary file creation vulnerability in its Export function. It allows authenticated users to create arbitrary files.
Recommendations
For GiveWP plugin versions <= 2.20.2, update to a version higher than 2.20.2 to resolve the issue. As a temporary workaround, consider restricting access to the Export function until a patch is available.
Fix
Unrestricted File Upload
Affected Products
Givewp