CVE-2022-28590

Name of the Vulnerable Software and Affected Versions Pixelimity version 1.0

Description A Remote Code Execution (RCE) issue exists due to the lack of input data sanitization. This allows a remote attacker to execute arbitrary code through the "admin/admin-ajax.php?action=install theme" endpoint. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations For Pixelimity version 1.0, as a temporary workaround, consider disabling access to the "admin/admin-ajax.php?action=install theme" endpoint until a patch is available. Restrict input data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.