Security Advisory

CVE-2022-2180

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-08-15 08:36:24

Last updated 2024-08-03 00:32:08

Assigner WPScan

State PUBLISHED

Description

The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages, and does not perform any authorization or csrf checks, allowing an unauthenticated attacker to upload arbitrary files including php source files, leading to possible remote code execution (RCE).

← Browse all CVEs View on cve.org ↗