Enhancement: cves/2022/CVE-2022-2314.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-03-22 12:58:31 -04:00
parent 2b52a0cf0a
commit 2dd1f21171
1 changed files with 4 additions and 3 deletions

View File

@ -1,11 +1,11 @@
id: CVE-2022-2314 id: CVE-2022-2314
info: info:
name: WordPress VR Calendar <=2.3.2 - Arbitrary Function Call name: WordPress VR Calendar <=2.3.2 - Remote Code Execution
author: theamanrawat author: theamanrawat
severity: critical severity: critical
description: | description: |
WordPress VR Calendar plugin through 2.3.2 is susceptible to arbitrary function call. The plugin allows any user to execute arbitrary PHP functions on the site. WordPress VR Calendar plugin through 2.3.2 is susceptible to remote code execution. The plugin allows any user to execute arbitrary PHP functions on the site. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
reference: reference:
- https://wpscan.com/vulnerability/b22fe77c-844e-4c24-8023-014441cc1e82 - https://wpscan.com/vulnerability/b22fe77c-844e-4c24-8023-014441cc1e82
- https://wordpress.org/plugins/vr-calendar-sync/ - https://wordpress.org/plugins/vr-calendar-sync/
@ -14,6 +14,7 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8 cvss-score: 9.8
cve-id: CVE-2022-2314 cve-id: CVE-2022-2314
cwe-id: CWE-94
metadata: metadata:
verified: "true" verified: "true"
tags: rce,unauth,wpscan,cve,cve2022,wp,vr-calendar-sync,wordpress,wp-plugin tags: rce,unauth,wpscan,cve,cve2022,wp,vr-calendar-sync,wordpress,wp-plugin
@ -47,4 +48,4 @@ requests:
status: status:
- 200 - 200
# Enhanced by md on 2023/03/21 # Enhanced by md on 2023/03/22