
Exploit for WordPress User Post Gallery <=2.19 - Remote Code Execution (CVE-2022-4060)

Description:

WordPress User Post Gallery plugin through 2.19 is susceptible to remote code execution. The plugin does not limit which callback functions can be called by users, making it possible for an attacker to execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
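As an added illustration of the pattern the description refers to (this is hypothetical example code, not the User Post Gallery plugin's source, which this page does not show): a WordPress AJAX handler that dispatches to whatever function name the request supplies, next to a hardened version that only dispatches through a fixed allowlist and checks the nonce and capability first. The function names, the `callback`, `op` and `id` parameters and the post-meta key are all assumptions.

```php
<?php
// Hypothetical handlers written as an added example; not code from the plugin.

// Vulnerable shape: the function to run is taken straight from the request,
// so any PHP function reachable through call_user_func() can be invoked.
function myplugin_gallery_ajax_unsafe() {
    $callback = isset($_POST['callback']) ? $_POST['callback'] : '';
    $arg      = isset($_POST['arg']) ? $_POST['arg'] : '';
    echo call_user_func($callback, $arg);
    wp_die();
}

// Real operations the hardened handler is allowed to reach (assumed names).
function myplugin_gallery_list($post_id) {
    return get_post_meta($post_id, 'myplugin_gallery_items', true);
}
function myplugin_gallery_delete($post_id) {
    return delete_post_meta($post_id, 'myplugin_gallery_items');
}

// Hardened shape: request data selects a key in an explicit map and is never
// used as a function name; the request must also carry a valid nonce and
// come from a user with the needed capability.
function myplugin_gallery_ajax_safe() {
    check_ajax_referer('myplugin_gallery', 'nonce');
    if (!current_user_can('upload_files')) {
        wp_send_json_error('forbidden', 403);
    }
    $handlers = array(
        'list'   => 'myplugin_gallery_list',
        'delete' => 'myplugin_gallery_delete',
    );
    $op = isset($_POST['op']) ? sanitize_key($_POST['op']) : '';
    if (!array_key_exists($op, $handlers)) {
        wp_send_json_error('unknown operation', 400);
    }
    $post_id = isset($_POST['id']) ? absint($_POST['id']) : 0;
    wp_send_json_success(call_user_func($handlers[$op], $post_id));
}
add_action('wp_ajax_myplugin_gallery', 'myplugin_gallery_ajax_safe');
```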

Nuclei Template

View the template here: CVE-2022-4060.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-4060.yaml

References:

https://wordpress.org/plugins/wp-upg/
https://nvd.nist.gov/vuln/detail/CVE-2022-4060
https://wpscan.com/vulnerability/8f982ebd-6fc5-452d-8280-42e027d01b1e
https://github.com/im-hanzou/UPGer
https://github.com/nomi-sec/PoC-in-GitHub