CVE-2022-4063 Scanner
Detects the 'Code Injection' vulnerability in the InPost Gallery plugin for WordPress, which affects versions before 2.1.4.1.
Short Info
Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: URL
Toolbox: -
The InPost Gallery is a popular WordPress plugin used for creating and managing photo galleries on websites. This plugin is particularly useful for those who want to showcase their photos in a professional and aesthetically pleasing manner. With multiple themes, different display modes, and easy configuration options, it has become a go-to plugin for many website owners to present their photography.
However, this plugin is not immune to vulnerabilities. CVE-2022-4063 affects the InPost Gallery plugin before version 2.1.4.1. The vulnerability stems from the plugin's use of PHP's extract() function when rendering HTML views. Unauthorised attackers could use this vulnerability to force the inclusion of malicious files and URLs, thereby allowing them to run code on servers.
The potential consequences of this vulnerability could be disastrous for website owners. If exploited, the attacker may gain control over the website, install malware, steal sensitive data, or use the server as part of a larger botnet. The attacker can also create new user accounts with admin privileges, which act as a stepping stone for future attacks.
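The extract() problem described above can be seen in a generic view renderer. This is an added illustration, not code from the InPost Gallery plugin or from this scanner: the function names, the allowlist and the temp files are hypothetical, and it assumes the data array is request-derived and shares scope with the view path.

```php
<?php
// Added illustration with hypothetical names; not the InPost Gallery source.

// Vulnerable pattern: caller-supplied data is extract()ed into the scope
// that also holds the path of the view file.
function render_view_unsafe(string $view_path, array $data): string
{
    extract($data);        // a "view_path" key in $data replaces $view_path
    ob_start();
    include $view_path;    // includes whatever path the data named
    return ob_get_clean();
}

// Hardened pattern: allowlist the view, confine it to the views directory,
// and extract with EXTR_SKIP so existing variables are never overwritten.
function render_view_safe(string $view, array $data, string $views_dir): string
{
    if (!in_array($view, ['gallery', 'slider'], true)) {   // constructed allowlist
        throw new InvalidArgumentException('unknown view');
    }
    $base = realpath($views_dir);
    $file = $base === false ? false : realpath("$base/$view.php");
    if ($file === false || strpos($file, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('view not found in views directory');
    }
    // The include runs in its own scope, holding only the resolved path and data.
    return (static function (string $__file, array $__data): string {
        extract($__data, EXTR_SKIP);
        ob_start();
        include $__file;
        return ob_get_clean();
    })($file, $data);
}

// Constructed demo: two local files stand in for the real view and an unintended file.
$dir = sys_get_temp_dir() . '/views_' . getmypid();
mkdir($dir);
file_put_contents("$dir/gallery.php", 'gallery: <?= htmlspecialchars($title) ?>');
file_put_contents("$dir/other.php", 'unintended file was included');
$data = ['title' => 'Holiday', 'view_path' => "$dir/other.php"];  // as if from a request

echo render_view_unsafe("$dir/gallery.php", $data), "\n";
echo render_view_safe('gallery', $data, $dir), "\n";
```

When reviewing other plugins for the same class of bug, look for extract() called on request-derived arrays in any scope that later reaches include or require.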
As the number of digital assets website owners need to manage grows, so does the need for reliable and up-to-date security information. With the pro features of s4e.io, it is easy to stay informed about vulnerabilities in the digital assets that website owners depend on. By subscribing to s4e.io, users can receive email alerts on mobile, tablet, and desktop, and thus remain aware of updates and vulnerabilities. So, stay safe and informed by using s4e.io, and sleep soundly knowing that the safety of your website is in good hands.