Lucene search

[email protected]NVD:CVE-2022-4101

HistoryJan 16, 2023 - 4:15 p.m.

CVE-2022-4101

2023-01-1616:15:11

[email protected]

web.nvd.nist.gov

wordpress plugin

unauthenticated users

path traversal attack

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.5%

JSON

The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack.

Affected configurations

NVD

Node

images_optimize_and_upload_cf7_projectimages_optimize_and_upload_cf7Range≤2.1.4wordpress

References

wpscan.com/vulnerability/2ce4c837-c62c-41ac-95ca-54bb1a6d1eeb

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.5%

JSON

Related for NVD:CVE-2022-4101

wpexploit1 wpvulndb1 prion1 cvelist1 cve1