Vulnerability in User Post Gallery

CVE-2022-4060

The User Post Gallery WordPress plugin through 2.19 does not limit which callback functions users can call, making it possible for any visitor to run code on sites running it.

EPSS: 0.887 (99.5th percentile)

Affected products

  • Unknown User Post Gallery — versions 0

Frequently asked questions

What is CVE-2022-4060?
CVE-2022-4060 is a vulnerability in User Post Gallery, classified under CWE-94: Improper Control of Generation of Code ('Code Injection'). Published 2023-01-16.
Is CVE-2022-4060 known to be exploited?
8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.