Vulnerabilities > CVE-2022-3921 - Unspecified vulnerability in Themographics Listingo

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

themographics

critical

NVD

Published: 2022-12-12

Updated: 2023-11-07

Summary

The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE

Vulnerable Configurations

Part	Description	Count
Application	Themographics Themographics Listingo *	1

References

https://wpscan.com/vulnerability/e39b59b0-f24f-4de5-a21c-c4de34c3a14f