{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-4060", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2022-11-18T18:30:16.280Z", "datePublished": "2023-01-16T15:38:05.280Z", "dateUpdated": "2024-08-03T01:27:54.404Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2023-01-16T15:38:05.280Z"}, "title": "User Post Gallery <= 2.19 - Unauthenticated RCE", "problemTypes": [{"descriptions": [{"description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "User Post Gallery", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThanOrEqual": "2.19"}], "defaultStatus": "affected", "collectionURL": "https://wordpress.org/plugins"}], "descriptions": [{"lang": "en", "value": "The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it."}], "references": [{"url": "https://wpscan.com/vulnerability/8f982ebd-6fc5-452d-8280-42e027d01b1e", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "cydave", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:27:54.404Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/8f982ebd-6fc5-452d-8280-42e027d01b1e", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:odude:user_post_gallery:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "DCE17690-0E7C-4ED8-B244-F17B444D5D18", "versionEndIncluding": "2.19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it."}, {"lang": "es", "value": "El complemento User Post Gallery de WordPress hasta la versi\u00f3n 2.19 no limita las funciones de devoluci\u00f3n de llamada que pueden invocar los usuarios, lo que permite a cualquier visitante ejecutar c\u00f3digo en los sitios que lo ejecutan."}], "id": "CVE-2022-4060", "lastModified": "2023-11-07T03:56:49.927", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-16T16:15:11.000", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/8f982ebd-6fc5-452d-8280-42e027d01b1e"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified"}

{}