nvd-json-data-feeds/CVE-2022/CVE-2022-19xx/CVE-2022-1939.json

{
  "id": "CVE-2022-1939",
  "sourceIdentifier": "contact@wpscan.com",
  "published": "2022-06-20T11:15:10.543",
  "lastModified": "2022-06-28T18:30:00.583",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to"
    },
    {
      "lang": "es",
      "value": "El plugin Allow svg files de WordPress versiones anteriores a 1.1, no comprueba apropiadamente los archivos cargados, lo que podr\u00eda permitir a usuarios muy privilegiados, como el administrador, cargar archivos PHP incluso cuando no est\u00e1n autorizados a hacerlo"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "contact@wpscan.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:allow_svg_files_project:allow_svg_files:*:*:*:*:*:wordpress:*:*",
              "versionEndExcluding": "1.1",
              "matchCriteriaId": "CA10FC22-0095-41FE-A6E2-035F11B24FE4"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://wpscan.com/vulnerability/4d7b62e1-558b-4504-a6e2-78246a8b554f",
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}