CVE-2022-4031

Опубликовано: 29 нояб. 2022

Источник: nvd

CVSS3: 3.8

CVSS3: 4.9

EPSS Низкий

Описание

The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does not properly restrict files to be edited in the context of the plugin. This makes it possible with attackers, with high-level permissions such as an administrator, to supply paths to arbitrary files on the server that can be modified outside of the intended scope of the plugin.

Ссылки

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2804020%40simplepress&new=2804020%40simplepress&sfp_email=&sfph_mail=
Patch
Third Party Advisory
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4031
Third Party Advisory
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2804020%40simplepress&new=2804020%40simplepress&sfp_email=&sfph_mail=
Patch
Third Party Advisory
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4031
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:simple-press:simple\:press:*:*:*:*:*:wordpress:*:*

Версия до 6.8.0 (включая)

EPSS

Процентиль: 51%

0.00283

Низкий

3.8 Low

CVSS3

4.9 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-jxgp-hq49-3gq9

CVSS3: 4.9

github

около 3 лет назад

EPSS

Процентиль: 51%

0.00283

Низкий

3.8 Low

CVSS3

4.9 Medium

CVSS3

Дефекты

CWE-22