cbcvebase.
CVE-2022-1103
published 2022-05-16


Priority P2 68 · high · 8.8 CVSS 3.1
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 14.28% (96.2nd percentile)
The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE

Affected

1 range
Vendor | Product | Version range | Fixed in
advanced_uploader_project | advanced_uploader | <= 4.2 | (none listed)

Detection & IOCs (extracted from sources)

path: /wp-content/uploads/
url: https://downloads.wordpress.org/plugin/advanced-uploader.4.2.zip
  • Monitor for PHP files (or other server-executable file types) deposited into the WordPress uploads directory by authenticated low-privileged users (e.g., the subscriber role); that is the exploitation path for this vulnerability.
  • Detect the Advanced Uploader WordPress plugin at version 4.2 or below on the target system: all versions up to and including 4.2 are vulnerable to authenticated arbitrary file upload, and no fixed version is listed.
  • Exploitation requires authentication: the attacker needs at minimum a subscriber-level WordPress account. Unauthenticated access alone is insufficient to trigger the vulnerability.
  • Any file type can be uploaded, not just PHP, so detection should not be limited to the .php extension when monitoring the uploads directory; consider other PHP extensions, PHP code inside files with innocuous extensions, and server configuration files dropped alongside them.
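The two detection points above (a plugin version in the affected range, and executable content landing under wp-content/uploads/) as an added, self-contained example; this is not code from the original page or from the plugin. It assumes the plugin's main file is named advanced-uploader.php and carries the standard WordPress "Version:" header, and it builds a small constructed install in a temp directory so it runs offline.

```python
"""Added example: offline exposure check for CVE-2022-1103.

Check 1: read the plugin version from the main plugin file header and
         compare it numerically against the affected range "through 4.2".
Check 2: scan wp-content/uploads/ for files a subscriber-level upload
         should never produce: PHP-family extensions anywhere in the
         name, a PHP open tag inside a file with an innocuous extension,
         and .htaccess/.user.ini drops that can re-enable execution.

The plugin file name (advanced-uploader.php), the sample header and the
sample upload tree are constructed for this demo and are assumptions.
"""
import re
import tempfile
from pathlib import Path

AFFECTED_THROUGH = (4, 2)  # "through 4.2" per the CVE description

# Extensions PHP engines are commonly configured to execute.
EXEC_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar"}
# Files that change how the web server treats the uploads directory.
CONFIG_DROPS = {".htaccess", ".user.ini"}
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)
VERSION_HDR = re.compile(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", re.MULTILINE)


def parse_version(s):
    """'4.10' -> (4, 10): compare numerically, so 4.10 > 4.2 (string compare would get this wrong)."""
    return tuple(int(p) for p in s.strip().split("."))


def is_affected(version):
    """True when the installed version is <= 4.2 (no fixed release is listed)."""
    return parse_version(version) <= AFFECTED_THROUGH


def plugin_version_from_header(text):
    """Extract 'Version: x.y' from a WordPress plugin header block; None if absent."""
    m = VERSION_HDR.search(text)
    return m.group(1) if m else None


def scan_uploads(uploads_dir):
    """Return sorted (relative_path, reason) pairs for suspicious files under uploads/."""
    findings = []
    root = Path(uploads_dir)
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        if p.name.lower() in CONFIG_DROPS:
            findings.append((rel, "server config dropped in uploads"))
            continue
        # Check every suffix, so shell.php.jpg and doc.php.pdf are caught too.
        if {s.lower() for s in p.suffixes} & EXEC_EXTS:
            findings.append((rel, "executable extension"))
            continue
        with p.open("rb") as fh:
            head = fh.read(65536)  # first 64 KiB; raise for large polyglot uploads
        if PHP_TAG.search(head):
            findings.append((rel, "PHP open tag in non-PHP file"))
    return sorted(findings)


def build_demo():
    """Constructed sample install (assumption: plugin main file advanced-uploader.php)."""
    base = Path(tempfile.mkdtemp(prefix="cve-2022-1103-"))
    plugin = base / "wp-content" / "plugins" / "advanced-uploader"
    plugin.mkdir(parents=True)
    (plugin / "advanced-uploader.php").write_text(
        "<?php\n/*\nPlugin Name: Advanced Uploader\nVersion: 4.2\n*/\n")
    up = base / "wp-content" / "uploads" / "2022" / "05"
    up.mkdir(parents=True)
    (up / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0JFIF benign image bytes")
    (up / "shell.php").write_bytes(b"<?php echo 'marker'; ?>")
    (up / "avatar.png").write_bytes(b"\x89PNG\r\n<?php echo 'marker'; ?>")
    (up / "doc.php.pdf").write_bytes(b"%PDF-1.4 benign bytes")
    (up / ".htaccess").write_bytes(b"AddType application/x-httpd-php .jpg\n")
    return plugin, base / "wp-content" / "uploads"


def run_demo():
    """Run both checks against the constructed install; returns (affected, findings)."""
    plugin, uploads = build_demo()
    version = plugin_version_from_header((plugin / "advanced-uploader.php").read_text())
    return is_affected(version), scan_uploads(uploads)


if __name__ == "__main__":
    affected, findings = run_demo()
    print("plugin version affected:", affected)
    for rel, why in findings:
        print(f"  {rel}: {why}")
```

On a real install, point scan_uploads at the site's wp-content/uploads/ and plugin_version_from_header at the plugin's main file (readme.txt's "Stable tag" is an alternative source). The content check only reads the first 64 KiB of each file, so raise that limit if large polyglot uploads are a concern.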

CVSS provenance

NVD v3.1: 8.8 HIGH  CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD v2.0: 6.5 MEDIUM  AV:N/AC:L/Au:S/C:P/I:P/A:P