Unrated severityNVD Advisory· Published Aug 8, 2022· Updated Aug 3, 2024
Directorist - Business Directory Plugin < 7.2.3 - Admin+ Arbitrary File Upload
CVE-2022-2046
Description
The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <7.2.3
Patches
Vulnerability mechanics
References
2- plugins.trac.wordpress.org/changeset/2752034/directoristmitrex_refsource_CONFIRM
- wpscan.com/vulnerability/03a04eab-be47-4195-af77-0df2a32eb807mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.