Vulnerability Description
The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does not properly restrict files to be edited in the context of the plugin. This makes it possible with attackers, with high-level permissions such as an administrator, to supply paths to arbitrary files on the server that can be modified outside of the intended scope of the plugin.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Simple-Press | Simple\ | <= 6.8.0, press |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&oldPatchThird Party Advisory
- https://www.wordfence.com/threat-intel/vulnerabilities/id/1ead1a18-9429-472e-9e8
- https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4031Third Party Advisory
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&oldPatchThird Party Advisory
- https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4031Third Party Advisory
FAQ
What is CVE-2022-4031?
CVE-2022-4031 is a vulnerability with a CVSS score of 3.8 (LOW). The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does not properly restrict files to be edited i...
How severe is CVE-2022-4031?
CVE-2022-4031 has been rated LOW with a CVSS base score of 3.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-4031?
Check the references section above for vendor advisories and patch information. Affected products include: Simple-Press Simple\.