CVE-2022-3921

moderate-risk
Published 2022-12-12

The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE

Do I need to act?

~
8.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Listingo

Affected Vendors

Themographics

References (2)

Exploit https://wpscan.com/vulnerability/e39b59b0-f24f-4de5-a21c-c4de34c3a14f
Exploit https://wpscan.com/vulnerability/e39b59b0-f24f-4de5-a21c-c4de34c3a14f
47
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 10/34 · Low
Exposure 5/34 · Minimal