Vulnerabilities > CVE-2022-0316

The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from ChimpStudio and PixFill does not have any authorisation and upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.

Vulnerable Configurations

Part	Description	Count
Application	Chimpgroup Chimpgroup Westand - Chimpgroup Bolster - Chimpgroup Spikes -	3
Application	Soundblast_Project Soundblast Project Soundblast -	1
Application	Spikes-Black_Project Spikes Black Project Spikes Black -	1
Application	Pixfill Pixfill Kings Club -	1
Application	Club-Theme_Project Club Theme Project Club Theme -	1
Application	Statfort_Project Statfort Project Statfort -	1
Application	Aidreform_Project Aidreform Project Aidreform -	1
Application	Footysquare_Project Footysquare Project Footysquare -	1

References

https://wpscan.com/vulnerability/9ab3d6cf-aad7-41bc-9aae-dc5313f12f7c

Vulnerabilities > CVE-2022-0316 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2022-0316"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2022-0316