CVE-2022-2046

CVE-2022-2046: Directorist - Business Directory Plugin < 7.2.3 - Admin+ Arbitrary File Upload

Vendor Unknown
Product Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Weakness CWE-434 · Unrestricted file upload
Published August 8, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations.

Key dates

02Disclosure timeline

August 8, 2022 CVE published
August 3, 2024 Record updated