Back to search
CVE-2022-0493
Published: Mar 28, 2022
Modified: Aug 2, 2024
PUBLISHED
Description
The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server via a path traversal vector. Furthermore, due to a flaw in the search, allowing a pattern to be provided, which will be used to output the relevant matches from the matching file, all content of the file can be disclosed.
| Vendor | Product | Versions |
|---|---|---|
Unknown | String locator | affected 2.5.0 - < 2.5.0 |
Weaknesses (CWE)
References
https://plugins.trac.wordpress.org/changeset/2685592
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now