CVE-2022-3921

Name of the Vulnerable Software and Affected Versions Listingo WordPress theme versions prior to 3.2.7

Description The issue concerns the lack of file validation for uploads via an AJAX action that is accessible to unauthenticated users. This could allow attackers to upload arbitrary files, potentially leading to remote code execution (RCE).

Recommendations For Listingo WordPress theme versions prior to 3.2.7, update to version 3.2.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX upload action to authenticated users only.