CVE-2022-4060 – User Post Gallery <= 2.19 - Unauthenticated RCE

https://notcve.org/view.php?id=CVE-2022-4060

26 Dec 2022 — The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it. El complemento User Post Gallery de WordPress hasta la versión 2.19 no limita las funciones de devolución de llamada que pueden invocar los usuarios, lo que permite a cualquier visitante ejecutar código en los sitios que lo ejecutan. The User Post Gallery - UPG plugin for WordPress is vulnerable to authorization bypass which le... • https://github.com/im-hanzou/UPGer • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •