UBUNTU-CVE-2022-3124
- Source
- https://ubuntu.com/security/CVE-2022-3124
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-3124.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-3124
- Upstream
- Published
- 2022-10-03T14:15:00Z
- Modified
- 2026-01-20T17:28:03.798604Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server
- References
Affected packages
Ubuntu:16.04:LTS
wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress@4.4.2+dfsg-1ubuntu1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
4.*
4.3+dfsg-1
4.3.1+dfsg-1
4.4+dfsg-1
4.4.1+dfsg-1
4.4.2+dfsg-1
4.4.2+dfsg-1ubuntu1
Ecosystem specific
{
"binaries": [
{
"binary_version": "4.4.2+dfsg-1ubuntu1",
"binary_name": "wordpress"
},
{
"binary_version": "4.4.2+dfsg-1ubuntu1",
"binary_name": "wordpress-l10n"
},
{
"binary_version": "4.4.2+dfsg-1ubuntu1",
"binary_name": "wordpress-theme-twentyfifteen"
},
{
"binary_version": "4.4.2+dfsg-1ubuntu1",
"binary_name": "wordpress-theme-twentyfourteen"
},
{
"binary_version": "4.4.2+dfsg-1ubuntu1",
"binary_name": "wordpress-theme-twentysixteen"
}
]
}Ubuntu:18.04:LTS
wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress@4.9.5+dfsg1-1?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
4.*
4.8.2+dfsg-2
4.8.3+dfsg-1
4.9.1+dfsg-1
4.9.2+dfsg-1
4.9.4+dfsg-1
4.9.5+dfsg1-1
Ecosystem specific
{
"binaries": [
{
"binary_version": "4.9.5+dfsg1-1",
"binary_name": "wordpress"
},
{
"binary_version": "4.9.5+dfsg1-1",
"binary_name": "wordpress-l10n"
},
{
"binary_version": "4.9.5+dfsg1-1",
"binary_name": "wordpress-theme-twentyfifteen"
},
{
"binary_version": "4.9.5+dfsg1-1",
"binary_name": "wordpress-theme-twentyseventeen"
},
{
"binary_version": "4.9.5+dfsg1-1",
"binary_name": "wordpress-theme-twentysixteen"
}
]
}Ubuntu:20.04:LTS
wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress@5.3.2+dfsg1-1ubuntu1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.3.2+dfsg1-1ubuntu1",
"binary_name": "wordpress"
},
{
"binary_version": "5.3.2+dfsg1-1ubuntu1",
"binary_name": "wordpress-l10n"
},
{
"binary_version": "5.3.2+dfsg1-1ubuntu1",
"binary_name": "wordpress-theme-twentynineteen"
},
{
"binary_version": "5.3.2+dfsg1-1ubuntu1",
"binary_name": "wordpress-theme-twentyseventeen"
},
{
"binary_version": "5.3.2+dfsg1-1ubuntu1",
"binary_name": "wordpress-theme-twentysixteen"
}
]
}Ubuntu:22.04:LTS
wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress@5.8.3+dfsg1-1ubuntu1.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.7.1+dfsg1-2ubuntu1
5.8.1+dfsg1-2ubuntu1
5.8.2+dfsg1-1ubuntu1
5.8.3+dfsg1-1ubuntu1
5.8.3+dfsg1-1ubuntu1.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.8.3+dfsg1-1ubuntu1.1",
"binary_name": "wordpress"
},
{
"binary_version": "5.8.3+dfsg1-1ubuntu1.1",
"binary_name": "wordpress-l10n"
},
{
"binary_version": "5.8.3+dfsg1-1ubuntu1.1",
"binary_name": "wordpress-theme-twentynineteen"
},
{
"binary_version": "5.8.3+dfsg1-1ubuntu1.1",
"binary_name": "wordpress-theme-twentytwenty"
},
{
"binary_version": "5.8.3+dfsg1-1ubuntu1.1",
"binary_name": "wordpress-theme-twentytwentyone"
}
]
}Ubuntu:24.04:LTS
wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress@6.4.3+dfsg1-1ubuntu1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "6.4.3+dfsg1-1ubuntu1",
"binary_name": "wordpress"
},
{
"binary_version": "6.4.3+dfsg1-1ubuntu1",
"binary_name": "wordpress-l10n"
},
{
"binary_version": "6.4.3+dfsg1-1ubuntu1",
"binary_name": "wordpress-theme-twentytwentyfour"
},
{
"binary_version": "6.4.3+dfsg1-1ubuntu1",
"binary_name": "wordpress-theme-twentytwentythree"
},
{
"binary_version": "6.4.3+dfsg1-1ubuntu1",
"binary_name": "wordpress-theme-twentytwentytwo"
}
]
}Ubuntu:25.10
wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress@6.7.2+dfsg1-1.1ubuntu1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "6.7.2+dfsg1-1.1ubuntu1",
"binary_name": "wordpress"
},
{
"binary_version": "6.7.2+dfsg1-1.1ubuntu1",
"binary_name": "wordpress-l10n"
},
{
"binary_version": "6.7.2+dfsg1-1.1ubuntu1",
"binary_name": "wordpress-theme-twentytwentyfive"
},
{
"binary_version": "6.7.2+dfsg1-1.1ubuntu1",
"binary_name": "wordpress-theme-twentytwentyfour"
},
{
"binary_version": "6.7.2+dfsg1-1.1ubuntu1",
"binary_name": "wordpress-theme-twentytwentythree"
}
]
}