Enable Media Replace < 4.0.0 - Admin+ Path Traversal
CVE-2022-2554

4.9MEDIUM

Key Information:

Vendor: Wordpress
Status: Enable Media Replace
Vendor: CVE Published:; 10 October 2022

Summary

The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack for example

Affected Version(s)

Enable Media Replace 4.0.0

References

https://wpscan.com/vulnerability/5872f4bf-f423-4ace-b8b6-...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2022
Vulnerability Reserved
Jul 27, 2022

Credit

Raad Haddad of Cloudyrion GmbH