Vulnerability Details : CVE-2022-3989
The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uploaded payload.
Products affected by CVE-2022-3989
- Stylemixthemes » Motors - Car Dealer, Classifieds & Listing » For WordpressVersions before (<) 1.4.4cpe:2.3:a:stylemixthemes:motors_-_car_dealer\,_classifieds_\&_listing:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-3989
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 43 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-3989
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2022-3989
-
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.Assigned by: contact@wpscan.com (Primary)
References for CVE-2022-3989
-
https://wpscan.com/vulnerability/1bd20329-f3a5-466d-81b0-e4ff0ca32091
Just a moment...Exploit;Third Party Advisory
Jump to