CVE-2022-1103

moderate-risk
Published 2022-05-16

The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE

Do I need to act?

!
16.6% chance of exploitation in next 30 days
EPSS score — higher than 83% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
50895
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Advanced Uploader Project

References (2)

Exploit https://wpscan.com/vulnerability/9ddeef95-7c7f-4296-a55b-fd3304c91c18
Exploit https://wpscan.com/vulnerability/9ddeef95-7c7f-4296-a55b-fd3304c91c18
48
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 13/34 · Low
Exposure 5/34 · Minimal