The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from ChimpStudio and PixFill does not have any authorisation and upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 03 Apr 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2025-04-03T19:12:48.241Z

Reserved: 2022-01-20T09:29:34.686Z

Link: CVE-2022-0316

cve-icon Vulnrichment

Updated: 2024-08-02T23:25:39.589Z

cve-icon NVD

Status : Modified

Published: 2023-01-23T15:15:13.703

Modified: 2025-04-03T20:15:16.417

Link: CVE-2022-0316

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.