China National Vulnerability DatabaseCNVD-2022-19803WordPress Cost Calculator plugin path traversal vulnerability
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Cost Calculator plugin version 1.4 and earlier contains a path traversal vulnerability that stems from the failure of a web system or product to properly filter special elements in a resource or file path. An attacker could exploit this vulnerability to allow users with roles as low as Contributor to perform path traversal on Windows Web servers via layouts published by Cost Calculator.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress cost calculator plugin | le | 1.4 |
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N