PT-2023-12626 · WordPress · Club-Theme+9
Joshua Small · Published 2023-01-23 · Updated 2023-01-31 · CVE-2022-0316
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
WeStand WordPress theme versions prior to 2.1
footysquare WordPress theme
aidreform WordPress theme
statfort WordPress theme
club-theme WordPress theme
kingclub-theme WordPress theme
spikes WordPress theme
spikes-black WordPress theme
soundblast WordPress theme
bolster WordPress theme
Description
The lang upload.php file performs no authorization check and no upload validation, so any unauthenticated attacker can upload arbitrary files to the web server. This enables potential malicious activity without passing any access control.
Recommendations
For WeStand WordPress theme versions prior to 2.1, update to version 2.1 or later.
For the footysquare, aidreform, statfort, club-theme, kingclub-theme, spikes, spikes-black, soundblast, and bolster WordPress themes, consider disabling the lang upload.php file until a patch is available to prevent unauthorized file uploads.
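To apply these recommendations an administrator first needs to know which of the listed themes are installed and whether the upload script is present. The following audit script is an added example, not code from the advisory or from the theme vendors. It assumes each theme's directory slug matches the lowercase name in the advisory, that the script is named lang_upload.php on disk (passed as a parameter so it can be changed), and that the theme declares its version in the style.css header.

```python
import re
import tempfile
from pathlib import Path

# Directory slugs are assumptions derived from the theme names in the advisory.
NO_FIX_LISTED = {"footysquare", "aidreform", "statfort", "club-theme", "kingclub-theme",
                 "spikes", "spikes-black", "soundblast", "bolster"}
FIXED_IN = {"westand": (2, 1)}     # advisory: update WeStand to 2.1 or later
UPLOAD_FILE = "lang_upload.php"    # assumed on-disk name of the "lang upload.php" file

def theme_version(theme_dir):
    """Parse the 'Version:' header of the theme's style.css; None if unreadable."""
    css = theme_dir / "style.css"
    if not css.is_file():
        return None
    m = re.search(r"^[\s/*]*Version:\s*(\d+(?:\.\d+)*)", css.read_text(errors="replace"),
                  re.I | re.M)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def audit(wp_root, upload_file=UPLOAD_FILE):
    """Return (theme, status, upload-script paths) for each affected theme installed."""
    findings = []
    themes = Path(wp_root) / "wp-content" / "themes"
    for theme_dir in sorted(p for p in themes.iterdir() if p.is_dir()):
        slug = theme_dir.name.lower()
        if slug in FIXED_IN:
            version = theme_version(theme_dir)
            if version is not None and version >= FIXED_IN[slug]:
                continue                # already at a fixed release
            status = "update-required"  # old or unknown version: treat as affected
        elif slug in NO_FIX_LISTED:
            status = "no-fix-listed"
        else:
            continue                    # theme is not named in the advisory
        hits = sorted(p.relative_to(theme_dir).as_posix() for p in theme_dir.rglob(upload_file))
        findings.append((theme_dir.name, status, hits))
    return findings

if __name__ == "__main__":
    # Constructed sample tree (slugs, versions and the "include" folder are made up).
    with tempfile.TemporaryDirectory() as root:
        for slug, ver in [("westand", "2.0.3"), ("spikes", "1.0"), ("twentytwenty", "2.1")]:
            d = Path(root, "wp-content", "themes", slug, "include")
            d.mkdir(parents=True)
            (d.parent / "style.css").write_text(f"/*\nTheme Name: {slug}\nVersion: {ver}\n*/\n")
            (d / UPLOAD_FILE).write_text("<?php // placeholder\n")
        for name, status, hits in audit(root):
            print(f"{name}: {status}; upload script at {hits or 'not found'}")
```

Themes reported as "no-fix-listed" with a non-empty path list are the ones where the file should be disabled, as recommended above.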
Affected Products
Westand
Aidreform
Bolster
Club-Theme
Footysquare
Kingclub-Theme
Soundblast
Spikes
Spikes-Black
Statfort