High severity8.8NVD Advisory· Published Mar 28, 2022· Updated Jun 17, 2026
CVE-2022-0499
CVE-2022-0499
Description
The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Sermon Browserdescription
- Range: <=0.45.22
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/e9ccf1fc-1dbf-4a41-bf4a-90af20b286d6nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.