CVE-2022-45359
WordPress YITH WooCommerce Gift Cards Premium Plugin <= 3.19.0 is vulnerable to Arbitrary File Upload
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress.
Vulnerabilidad de carga de archivos arbitrarios no autorizadas en el complemento YITH WooCommerce Gift Cards premium en versiones <= 3.19.0 en WordPress.
The Yith WooCommerce Gift Cards Premium plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the import_actions_from_settings_panel function in versions up to, and including, 3.19.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. This is being actively exploited.
WordPress Yith WooCommerce Gift Cards Premium plugin versions 3.19.0 and below suffer from a remote shell upload vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-11-14 CVE Reserved
- 2022-11-22 CVE Published
- 2024-06-28 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
- CAPEC-17: Using Malicious Files
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Yithemes Search vendor "Yithemes" | Yith Woocommerce Gift Cards Search vendor "Yithemes" for product "Yith Woocommerce Gift Cards" | <= 3.19.0 Search vendor "Yithemes" for product "Yith Woocommerce Gift Cards" and version " <= 3.19.0" | premium, wordpress |
Affected
| ||||||