CVE-2022-2314
Published 2022-08-15
Priority: P183 · Severity: critical · Score: 9.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Flags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 12.44% (95.7th percentile)
The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vr_calendar_project | vr_calendar | <= 2.3.2 | — |
Detection & IOCs (extracted from sources)
- Probe for plugin presence by checking for the string 'vrc-calendar' in the body of /wp-content/plugins/vr-calendar-sync/assets/js/public.js
- Exploitation confirmed when an HTTP 200 response to /wp-admin/admin-post.php?vrc_cmd=phpinfo contains both 'phpinfo' and 'PHP Version' in the response body, indicating unauthenticated arbitrary PHP function execution via the vrc_cmd parameter
- The attack requires no authentication (PR:N, UI:N); any unauthenticated GET request to admin-post.php with the vrc_cmd parameter can trigger arbitrary PHP function execution
- The vulnerability affects VR Calendar plugin versions up to and including 2.3.2; version 2.3.3 or later is not affected
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | — | 9.8 | CRITICAL | — |
GHSA
GHSA-g5j5-w5x8-9mpq: The VR Calendar WordPress plugin through 2
ghsa_unreviewed · 2022-08-16 · CVE-2022-2314 · CRITICAL · CWE-78
The VR Calendar WordPress plugin through 2.2.2 lets any user execute arbitrary PHP functions on the site.
VulnCheck
VR Calendar WordPress plugin through 2.3.2 Arbitrary PHP Function Execution
vulncheck · 2022 · CVE-2022-2314 · CRITICAL · CVSS 9.8
The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site.
Affected: vr_calendar_project vr_calendar
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-01&host_type=src&vulnerability=cve-2022-2314
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-17&host_type=src&vulnerability=cve-2022-2314
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-22&host_type=src&vulnerability=cve-2022-
No detection rules found.
Nuclei
WordPress VR Calendar <=2.3.2 - Remote Code Execution
nuclei · CVE-2022-2314 · CRITICAL · CVSS 9.8
WordPress VR Calendar plugin through 2.3.2 is susceptible to remote code execution. The plugin allows any user to execute arbitrary PHP functions on the site. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
Template (as indexed, truncated):

```yaml
id: CVE-2022-2314
info:
  name: WordPress VR Calendar <=2.3.2 - Remote Code Execution
  author: theamanrawat
  severity: critical
  description: |
    WordPress VR Calendar plugin through 2.3.2 is susceptible to remote code execution. The plugin allows any user to execute arbitrary PHP functions on the site. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a
```
No writeups or analysis indexed.
Timeline: 2022-08-15 published · exploited in the wild