CVE-2022-3989 Vulnerability Details

CVE-2022-3989 Metadata Quick Info

CVE Published: 12/12/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: WPScan | Vendor: Unknown | Product: Motors
Status: PUBLISHED

CVE-2022-3989 Description

The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uploaded payload.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: CWE-434 Unrestricted Upload of File with Dangerous Type
Source: Unknown

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).