From d69c804577d5d812e2d8e80a0da5deb7ee680753 Mon Sep 17 00:00:00 2001 From: Goby <50955360+gobysec@users.noreply.github.com> Date: Wed, 21 Jun 2023 17:41:49 +0800 Subject: [PATCH] Create CVE-2022-4060.md add CVE-2022-4060 --- CVE-2022-4060.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 CVE-2022-4060.md diff --git a/CVE-2022-4060.md b/CVE-2022-4060.md new file mode 100644 index 0000000..9141ac4 --- /dev/null +++ b/CVE-2022-4060.md @@ -0,0 +1,12 @@ +## WordPress plugins User Post Gallery upg_datatable RCE Vulnerability (CVE-2022-4060) + +| **Vulnerability** | **WordPress plugins User Post Gallery upg_datatable RCE Vulnerability (CVE-2022-4060)** | +| :----: | :-----| +| **Chinese name** | WordPress User Post Gallery 插件 upg_datatable 远程代码执行漏洞(CVE-2022-4060) | +| **CVSS core** | 9.8 | +| **FOFA Query** (click to view the results directly)| [body="wp-content/plugins/wp-upg"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL3dwLXVwZyI%3D) | +| **Number of assets affected** | 383 | +| **Description** | WordPress plugins User Post Gallery is a plugin that allows users to select albums, generate tags, upload pictures and videos from the front end. There is a code injection vulnerability in WordPress plugin User Post Gallery 2.19 and earlier versions. The vulnerability stems from the fact that the callback function allows any user to call it. Attackers can use this vulnerability to run code on its site. | +| **Impact** | There is a code injection vulnerability in WordPress plugin User Post Gallery 2.19 and earlier versions. The vulnerability stems from the fact that the callback function allows any user to call it. Attackers can use this vulnerability to run code on its site. | + +![](https://s3.bmp.ovh/imgs/2023/06/21/f82bbe1d63c40785.gif)
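Review bot: The **Impact** row in the new table repeats the last three sentences of the **Description** row word for word, so the entry never tells a site owner what to do. Suggest rewriting Impact to state only the consequence (code execution on the site through the callback that any user can call) and adding a remediation row that names the fixed plugin version, since the file only says "2.19 and earlier versions". Smaller points in the same hunk: `**CVSS core**` should read `**CVSS score**`; the "Number of assets affected" value of 383 needs the date of the FOFA query to be meaningful; "run code on its site" should be "run code on the affected site"; and the trailing image has empty alt text and is hosted on a third-party image host, so give it a descriptive alt text and consider committing the file to the repository.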