Security Advisory

CVE-2022-1538

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-01-16 15:50:34

Last updated 2025-06-20 16:56:12

Assigner WPScan

State PUBLISHED

Description

Theme Demo Import WordPress plugin before 1.1.1 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed.

← Browse all CVEs View on cve.org ↗