cve/2022/CVE-2022-3921.md

### [CVE-2022-3921](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3921)
![](https://img.shields.io/static/v1?label=Product&message=Listingo&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)

### Description

The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE

### POC

#### Reference
- https://wpscan.com/vulnerability/e39b59b0-f24f-4de5-a21c-c4de34c3a14f

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2022-3921](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3921)`
			`![](https://img.shields.io/static/v1?label=Product&message=Listingo&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)`

			`### Description`

			`The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/e39b59b0-f24f-4de5-a21c-c4de34c3a14f`

			`#### Github`
			`No PoCs found on GitHub currently.`