CVE-2022-40217: WordPress WPide plugin <= 2.6 - Authenticated Arbitrary File Edit/Upload vulnerability - Patchstack
Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in the XplodedThemes WPide plugin <= 2.6 for WordPress.
Verified
Fixed
CVSS 3.1 score
6.5 (Medium severity)
PSID
6ecb43251ea1
Classification
Arbitrary File Upload
OWASP Top 10
A1: Injection
Required privilege
Requires authentication as a high-role user, such as an admin.
Publicly disclosed
2022-08-09
Details
Authenticated Arbitrary File Edit/Upload vulnerability discovered by Vlad Vector (Patchstack) in the WordPress WPide plugin (versions <= 2.6).
Solution
Update the WordPress WPIDE – File Manager & Code Editor plugin to the latest available version (at least 3.0).