WordPress Plugin Vulnerabilities

Simple:Press < 6.8.1 - Admin+ Arbitrary File Update

Description

The plugin does not validate files to be updated, which could allow high privilege users such as admin to update arbitrary files and not just the one allowed by the plugin

Affects Plugins

Plugin icon
simplepress
Fixed in 6.8.1

References

CVE
CVE-2022-4031

Classification

Type
TRAVERSAL
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
3.8 (low)

Miscellaneous

Original Researcher
Luca Greeb, Andreas Krüger
Verified
No
WPVDB ID
0d9461fb-45b1-46ca-93dd-baafa6b35424

Timeline

Publicly Published
2022-11-29 (about 3 years ago)
Added
2022-11-29 (about 3 years ago)
Last Updated
2022-11-29 (about 3 years ago)

Other

Published
Title
Published
2023-05-15
Title
Snow Monkey Forms < 5.0.7 - Unauthenticated Path Traversal
Published
2017-10-20
Title
Multiple Plugins - jQueryFileTree - Unauthenticated Path Traversal
Published
2025-01-06
Title
Social Share Buttons for WordPress <= 2.7 - Unauthenticated Image Upload & Path Traversal
Published
2014-09-20
Title
W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated Arbitrary File Read
Published
2019-07-23
Title
WPS Child Themes Generator <= 1.1 - Path Traversal