CVE-2022-4774
CVSS V2 None
CVSS V3 None
Description
The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution.
Overview
- CVE ID
- CVE-2022-4774
- Assigner
- contact@wpscan.com
- Vulnerability Status
- Awaiting Analysis
- Published Version
- 2023-05-15T13:15:09
- Last Modified Date
- 2023-05-15T13:26:09
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://wpscan.com/vulnerability/2ae5c375-a6a0-4c0b-a9ef-e4d2a28bce5e |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-4774 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4774 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-05-15 14:01:46 | Added to TrackCVE | |||
| 2023-05-15 14:01:51 | Weakness Enumeration | new |