CVE-2022-1103

HIGH

Advanced Uploader < 4.2 - Authenticated Arbitrary File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-1103. PoCs published by Roel van Beurden.

AI-analyzed exploit summary: This is a writeup describing an authenticated arbitrary file upload vulnerability in WordPress Plugin Advanced Uploader <=4.2, which can lead to remote code execution. The PoC outlines steps to upload a malicious file via the plugin and access it to achieve RCE.

Description

The Advanced Uploader WordPress plugin through 4.2 allows any authenticated user, such as a subscriber, to upload arbitrary files, such as PHP files, which could lead to RCE.

Exploits (1)

exploitdb WRITEUP
by Roel van Beurden · text · webapps · php
https://www.exploit-db.com/exploits/50895

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin Advanced Uploader <=4.2
Auth required
Prerequisites: Authenticated access to WordPress · Advanced Uploader plugin installed and activated
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/9ddeef95-7c7f-4296-a55b-fd3304c91c18

Scores

CVSS v3 8.8
EPSS 0.1428
EPSS Percentile 96.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-434
Status published
Products (1)
advanced_uploader_project/advanced_uploader < 4.2
Published May 16, 2022
Tracked Since Feb 18, 2026