
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-2180 is a security vulnerability discovered in the GREYD.SUITE WordPress theme that was publicly disclosed on July 21, 2022. The vulnerability affects versions prior to 1.2.7 and stems from improper validation of uploaded custom font packages, combined with a lack of authorization and CSRF checks (WPScan, NVD).
The vulnerability exists in the theme's custom font upload functionality, specifically in the wp-content/themes/greydsuite/inc/customizerff.php file. The implementation fails to validate the contents of uploaded font packages and performs no authorization or CSRF check on the request. As a result, arbitrary files, including PHP source files, can be uploaded through a POST request containing specific parameters and a ZIP file. Prior to version 1.2.5, uploaded files were extracted to wp-content/themes/greydsuite/inc/hackpath/hack/ without any validation of the ZIP contents. From version 1.2.5 onwards, the upload location was changed to wp-content/uploads/greydtp/custom_fonts/hack/ and CSRF checks were implemented (WPScan).
The vulnerability allows unauthenticated attackers to upload arbitrary files, including PHP source files, to the affected WordPress installation. This can lead to remote code execution (RCE) on the target system, giving attackers complete control over the affected website (WPScan).
The vulnerability was fixed in GREYD.SUITE version 1.2.7. Users are strongly advised to upgrade to this version or later. Version 1.2.5 added CSRF checks as an intermediate security improvement, but the complete fix was only implemented in version 1.2.7 (WPScan).
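The root cause described above is that every ZIP entry was unpacked as-is. The Python below is an added illustration, not code from the theme or from WPScan, of the per-entry checks a font-package upload handler should run before extracting anything: path components that escape the target directory, an extension allow-list, and a magic-byte check so that a PHP file cannot pass under a font extension. The font signatures are the standard TrueType/OpenType/WOFF/WOFF2 headers; the sample packages are constructed; authorization and CSRF checks remain a separate layer the request handler must still enforce.

```python
import io
import zipfile

# Fonts a custom font package legitimately contains, keyed by the magic bytes
# each file must start with (TrueType, OpenType, WOFF, WOFF2).
FONT_MAGIC = {
    ".ttf": (b"\x00\x01\x00\x00", b"true"),
    ".otf": (b"OTTO",),
    ".woff": (b"wOFF",),
    ".woff2": (b"wOF2",),
}

def validate_font_package(zip_bytes: bytes) -> list:
    """Return reasons to reject the package (empty list = accept). Every entry is
    inspected before anything is extracted, the step the advisory says was missing."""
    problems = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return ["not a ZIP archive"]
    with archive:
        for info in archive.infolist():
            name = info.filename
            parts = name.replace("\\", "/").split("/")
            # Absolute, drive-letter or '..' components would escape the target dir.
            if name.startswith("/") or ":" in parts[0] or ".." in parts:
                problems.append(f"{name}: path escapes extraction directory")
            elif not info.is_dir():
                # Allow-list the final extension only: 'x.php' and 'x.woff.php' both fail.
                ext = "." + parts[-1].rsplit(".", 1)[-1].lower() if "." in parts[-1] else ""
                if ext not in FONT_MAGIC:
                    problems.append(f"{name}: extension {ext or '(none)'} not allowed")
                    continue
                # The extension alone is not enough; the bytes must match the format.
                with archive.open(info) as fh:
                    if not fh.read(4).startswith(FONT_MAGIC[ext]):
                        problems.append(f"{name}: content is not a {ext} font")
    return problems

def build_package(entries: dict) -> bytes:
    """Build an in-memory ZIP; used only to construct the sample packages below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed samples: a valid WOFF2 stub, and PHP hidden behind a font-like name.
GOOD_PACKAGE = build_package({"fonts/Body-Regular.woff2": b"wOF2" + b"\x00" * 28})
PHP_PACKAGE = build_package({"Body-Regular.woff2.php": b"<?php echo 1;"})
```

Only a package that returns an empty list should ever reach the extraction step; rejected packages should be logged with the reason, which doubles as a detection signal for upload attempts against this endpoint.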
Source: This report was generated using AI