CVE-2022-1788

MEDIUM

Change Uploaded File Permissions < 4.0.0 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/c39719e5-dadd-4414-a96d-5e70a1e3d462

Scores

CVSS v3 6.5
EPSS 0.0074
EPSS Percentile 50.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-352
Status published
Products (1)
change_uploaded_file_permissions_project/change_uploaded_file_permissions < 4.0.0
Published Jun 13, 2022
Tracked Since Feb 18, 2026