CVE-2022-0316
Published: 23 January 2023
Summary
CVE-2022-0316 is a critical-severity vulnerability, with no weakness type specified, in Aidreform Project Aidreform. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 2.8% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
The vulnerability is an unauthenticated arbitrary file upload flaw present in the lang_upload.php component of multiple WordPress themes developed by ChimpStudio and PixFill, including WeStand (versions before 2.1), footysquare, aidreform, statfort, club-theme, kingclub-theme, spikes, spikes-black, soundblast, and bolster. The root cause is the complete absence of authorization checks and file validation logic, which permits any remote actor to write attacker-controlled content directly to the web server.
An unauthenticated attacker can exploit the issue over the network by sending a crafted HTTP request to the vulnerable upload endpoint. Successful exploitation grants the ability to place arbitrary files, including web shells, resulting in full confidentiality, integrity, and availability impact on the affected site, consistent with the CVSS 9.8 rating.
Public references from WPScan document the affected themes and confirm the missing controls, indicating that site owners should apply vendor updates where available or remove the themes. The EPSS score has reached a peak of 0.3889 with a current value of 0.3637, reflecting sustained exploitation interest after disclosure.
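An added example, not from the original page or the theme vendors: a Python inventory check a site owner could run over `wp-content/themes` to find the affected themes and any `lang_upload.php` they ship. It assumes theme directory names match the names listed above and reads the standard `Version:` header from `style.css`; the sample tree it builds is constructed.

```python
import os
import re
import tempfile

# Theme names as listed on this page. ASSUMPTION: the directory name under
# wp-content/themes matches the theme name (compared case-insensitively).
AFFECTED = {"westand", "footysquare", "aidreform", "statfort", "club-theme",
            "kingclub-theme", "spikes", "spikes-black", "soundblast", "bolster"}
FIXED_IN = {"westand": (2, 1)}  # the page gives a fixed version only for WeStand
UPLOADER = "lang_upload.php"

def theme_version(theme_dir):
    """Parse the 'Version:' header of style.css into a tuple, or None."""
    try:
        with open(os.path.join(theme_dir, "style.css"), errors="replace") as fh:
            head = fh.read(8192)
    except OSError:
        return None
    m = re.search(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", head, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".") if p) if m else None

def audit_themes(themes_root):
    """Return [(theme_dir, status, uploader_paths)] for affected themes found."""
    findings = []
    for name in sorted(os.listdir(themes_root)):
        path, slug = os.path.join(themes_root, name), name.lower()
        if slug not in AFFECTED or not os.path.isdir(path):
            continue
        hits = sorted(os.path.relpath(os.path.join(d, f), themes_root)
                      for d, _, files in os.walk(path)
                      for f in files if f.lower() == UPLOADER)
        ver, fixed = theme_version(path), FIXED_IN.get(slug)
        if fixed and ver is not None and ver >= fixed:
            status = "fixed-version"
        else:
            status = "vulnerable-file-present" if hits else "affected-theme-installed"
        findings.append((name, status, hits))
    return findings

def build_sample(root):
    """Constructed sample tree (not real theme contents) for a dry run."""
    for theme, ver, has_file in [("WeStand", "2.0", True), ("bolster", "1.4", False),
                                 ("twentytwenty", "1.0", True)]:
        os.makedirs(os.path.join(root, theme, "include"))
        with open(os.path.join(root, theme, "style.css"), "w") as fh:
            fh.write(f"/*\nTheme Name: {theme}\nVersion: {ver}\n*/\n")
        if has_file:
            open(os.path.join(root, theme, "include", UPLOADER), "w").close()
if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, status, hits in audit_themes(tmp):
            print(f"{name}: {status} {hits}")
```

Any theme reported as `affected-theme-installed` or `vulnerable-file-present` falls under the page's guidance to update where a fix exists or remove the theme.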
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-15486
Vulnerability details
The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from ChimpStudio and PixFill do not have any authorisation and upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.