Login Sign Up

CVE-2022-4949

8.8 HIGH
Remote Code Execution

📋 TL;DR

The AdSanity WordPress plugin up to version 1.8.1 contains a vulnerability that allows authenticated users with Contributor-level permissions or higher to upload arbitrary files to the server. This can lead to remote code execution by uploading malicious files like PHP shells. WordPress sites using vulnerable AdSanity plugin versions are affected.

💻 Affected Systems

Products:
  • WordPress AdSanity Plugin
Versions: Up to and including 1.8.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user with Contributor role or higher. WordPress multisite installations may be affected differently.

📦 What is this software?

Adsanity by Adsanityplugin

View all CVEs affecting Adsanity →

Xen by Xen

View all CVEs affecting Xen →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full server compromise through remote code execution, allowing attackers to steal data, install malware, or pivot to other systems.

🟠

Likely Case

Website defacement, data theft, or installation of backdoors for persistent access.

🟢

If Mitigated

Limited impact if proper file upload restrictions and web application firewalls are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires valid WordPress user account with Contributor privileges. Public exploit code exists in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.8.2 or later

Vendor Advisory: https://wordpress.org/plugins/adsanity/

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find AdSanity plugin. 4. Click 'Update Now' if available. 5. If not, download version 1.8.2+ from WordPress.org and manually update.

🔧 Temporary Workarounds

Disable AdSanity Plugin

all

Temporarily disable the vulnerable plugin until patched.

wp plugin deactivate adsanity

Restrict File Uploads via .htaccess

linux

Block execution of uploaded files in wp-content/uploads/adsanity directory.

<FilesMatch "\.(php|php5|php7|phtml|phar)$">\n  Order Allow,Deny\n  Deny from all\n</FilesMatch>

🧯 If You Can't Patch

  • Remove Contributor and higher role permissions from untrusted users
  • Implement web application firewall rules to block malicious file uploads

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > AdSanity version. If version is 1.8.1 or lower, you are vulnerable.

Check Version:

wp plugin get adsanity --field=version

Verify Fix Applied:

Verify AdSanity plugin version is 1.8.2 or higher in WordPress admin.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /wp-content/uploads/adsanity/
  • POST requests to /wp-admin/admin-ajax.php with action=adsanity_ajax_upload

Network Indicators:

  • HTTP POST requests uploading files with non-image extensions to AdSanity endpoints

SIEM Query:

source="wordpress.log" AND (uri_path="/wp-admin/admin-ajax.php" AND post_data="adsanity_ajax_upload")

📊 Metadata

CVE ID: CVE-2022-4949
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-434
Published: June 7, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-4949, you might also want to check these:

CVE-2024-52490 10.0

This vulnerability allows attackers to upload arbitrary files, including web shells, to Pathomation ...

Same vulnerability type (CWE-434)
CVE-2024-43160 10.0

CVE-2024-43160 is an unauthenticated arbitrary file upload vulnerability in the BerqWP WordPress plu...

Same vulnerability type (CWE-434)
CVE-2024-8940 10.0

CVE-2024-8940 is a critical unrestricted file upload vulnerability in Scriptcase version 9.4.019 tha...

Same vulnerability type (CWE-434)