CVE-2022-1103

HIGH

Advanced Uploader < 4.2 - Unrestricted File Upload

Title source: rule

Description

The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE

Exploits (1)

exploitdb WRITEUP

by Roel van Beurden · textwebappsphp

https://www.exploit-db.com/exploits/50895

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/9ddeef95-7c7f-4296-a55b-fd3304c91c18

Scores

CVSS v3 8.8

EPSS 0.1664

EPSS Percentile 94.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

advanced_uploader_project/advanced_uploader < 4.2

Published May 16, 2022

Tracked Since Feb 18, 2026