Home > Vulnerability Database > CVE-2022-0493

Mend.io Vulnerability Database

CVE-2022-0493

Good to know:

Date: March 28, 2022

The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server via a path traversal vector. Furthermore, due to a flaw in the search, allowing a pattern to be provided, which will be used to output the relevant matches from the matching file, all content of the file can be disclosed.

Language: PHP

Severity Score

4.9

Related Resources (4)

Url: https://wpscan.com/vulnerability/21e2e5fc-03d2-4791-beef-07af6bf985ed

Url: https://plugins.trac.wordpress.org/changeset/2685592

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-0493

Url: https://www.mend.io/vulnerability-database/CVE-2022-0493

Severity Score

4.9

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version 2.5.0/

Learn More

CVSS v3.1

Base Score:	4.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-0493

Good to know:

Date: March 28, 2022

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?