exploitDog

CVE-2022-2554

Published: 10 Oct 2022
Source: nvd
CVSS3: 4.9
EPSS: Low

Description

The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack for example

Vulnerable configurations

Configuration 1
cpe:2.3:a:shortpixel:enable_media_replace:*:*:*:*:*:wordpress:*:*
Versions before 4.0.0 (excluding)

EPSS

Percentile: 62%
0.00425
Low

4.9 Medium

CVSS3

Weaknesses

CWE-22

Related vulnerabilities

CVSS3: 4.9
github
more than 3 years ago

The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack for example
