cvedb.io
CVE-2022-0687
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2022-03-21T19:15:11.337 · Last modified 2026-06-17T04:21:03.987

Summary

The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role.

Affected products

tms-outsource — amelia

Does this affect you?

Add your gear to cvedb and we'll alert you only when tms-outsource ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.