.. / CVE-2022-2314

Exploit for WordPress VR Calendar <=2.3.2 - Remote Code Execution (CVE-2022-2314)

Description:

WordPress VR Calendar plugin through 2.3.2 is susceptible to remote code execution. The plugin allows any user to execute arbitrary PHP functions on the site. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.

Nuclei Template

View the template here CVE-2022-2314.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-2314.yaml

References:

https://wpscan.com/vulnerability/b22fe77c-844e-4c24-8023-014441cc1e82
https://github.com/ARPSyndicate/kenzer-templates
https://wordpress.org/plugins/vr-calendar-sync/
https://nvd.nist.gov/vuln/detail/CVE-2022-2314

.. / CVE-2022-2314 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress VR Calendar <=2.3.2 - Remote Code Execution (CVE-2022-2314)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2022-2314