cve/2022/CVE-2022-0316.md

### [CVE-2022-0316](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0316)
![](https://img.shields.io/static/v1?label=Product&message=WeStand&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=aidreform&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=bolster&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=club-theme&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=footysquare&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=kingclub-theme&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=soundblast&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=spikes&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=spikes-black&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=statfort&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)

### Description

The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from ChimpStudio and PixFill does not have any authorisation and upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.

### POC

#### Reference
- https://wpscan.com/vulnerability/9ab3d6cf-aad7-41bc-9aae-dc5313f12f7c

#### Github
- https://github.com/KTN1990/CVE-2022-0316_wordpress_multiple_themes_exploit
- https://github.com/KTN1990/CVE-2024-31351_wordpress_exploit
- https://github.com/KTN1990/CVE-2024-5084
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/manas3c/CVE-POC
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/whoforget/CVE-POC
- https://github.com/youwizard/CVE-POC
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2022-0316](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0316)`
			`![](https://img.shields.io/static/v1?label=Product&message=WeStand&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=aidreform&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=bolster&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=club-theme&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=footysquare&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=kingclub-theme&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=soundblast&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=spikes&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=spikes-black&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=statfort&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)`

			`### Description`

			`The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from ChimpStudio and PixFill does not have any authorisation and upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/9ab3d6cf-aad7-41bc-9aae-dc5313f12f7c`

			`#### Github`
			`- https://github.com/KTN1990/CVE-2022-0316_wordpress_multiple_themes_exploit`
Update Sun May 26 16:36:09 UTC 2024 2024-05-26 16:36:09 +00:00			`- https://github.com/KTN1990/CVE-2024-31351_wordpress_exploit`
			`- https://github.com/KTN1990/CVE-2024-5084`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/k0mi-tg/CVE-POC`
			`- https://github.com/manas3c/CVE-POC`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
			`- https://github.com/whoforget/CVE-POC`
			`- https://github.com/youwizard/CVE-POC`