Vulnerabilities > CVE-2022-1540 - Unspecified vulnerability in Postmagthemes Demo Import 1.0.7

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

postmagthemes

NVD

Published: 2022-12-05

Updated: 2023-11-07

Summary

The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) leading to RCE.

Vulnerable Configurations

Part	Description	Count
Application	Postmagthemes Postmagthemes Postmagthemes Demo Import 1.0.7	1

References

https://wpscan.com/vulnerability/77a524d8-0b1a-407a-98d2-d8d0ed78fa0f