CVE-2022-4060

CRITICAL EXPLOITED NUCLEI

User Post Gallery WP <2.19 - Code Injection

Title source: llm

Description

The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it.

Exploits (1)

nomisec SCANNER 8 stars

by im-hanzou · remote

https://github.com/im-hanzou/UPGer

View Code ZIP pw:eip

Nuclei Templates (1)

WordPress User Post Gallery <=2.19 - Remote Code Execution

CRITICALVERIFIEDby theamanrawat

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/8f982ebd-6fc5-452d-8280-42e027d01b1e

Scores

CVSS v3 9.8

EPSS 0.8913

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2022-12-26

Status published

Products (1)

odude/user_post_gallery < 2.19

Published Jan 16, 2023

Tracked Since Feb 18, 2026