CVE-2022-42698: WordPress Api2Cart Bridge Connector plugin <= 1.1.0 - Arbitrary File Upload vulnerability - Patchstack

Verified

Fixed

9.8

CVSS 3.1 score Critical severity

Report

Monitoring Not reported to be exploited

Vulnerable versions

<= 1.1.0

PSID

eb0352ec4a91

Classification

Arbitrary File Upload

OWASP Top 10

A5: Broken Access Control

Required privilege

Can be exploited remotely without any authentication.

Publicly disclosed

2022-10-28

Details

Arbitrary File Upload vulnerability discovered by Dave Jong (Patchstack) in the WordPress Api2Cart Bridge Connector plugin (versions <= 1.1.0).

Solution

Update the WordPress Api2Cart Bridge Connector plugin to the latest available version (at least 1.2.0).

References