Lucene search
HistoryAug 22, 2022 - 3:15 p.m.
CVE-2022-2557
wordpress
plugin
file download
vulnerability
path traversal
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
35.6%
The Team WordPress plugin before 4.1.2 contains a file which could allow any authenticated users to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is returned to the user
Affected configurations
Node
radiusthemeteam_-_wordpress_team_members_showcaseRange<4.1.2wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| radiustheme | team_-_wordpress_team_members_showcase | * | cpe:2.3:a:radiustheme:team_-_wordpress_team_members_showcase:*:*:*:*:*:wordpress:*:* |
Related
prion
prion
Path traversal
2022-08-22 15:15:00
wpexploit
wpexploit
wpvulndb
wpvulndb
cvelist
cvelist
patchstack
patchstack
cve
cve
CVE-2022-2557
2022-08-22 15:15:15
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
35.6%
Related for NVD:CVE-2022-2557