36 matches found
CVE-2022-2434
The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site...
Deserialization of untrusted data
The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site...
CVE-2022-2434
The CVE-2022-2434 entry affects the WordPress String Locator plugin (versions up to and including 2.5.0). The underlying issue is deserialization of untrusted input via the string-locator-path parameter, which can allow a PHAR-based call to arbitrary PHP objects when an action is triggered (e.g.,...
CVE-2022-2434 String Locator <= 2.5.0 - Cross-Site Request Forgery to PHAR Deserialization
The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site...
PT-2022-16623
Name of the Vulnerable Software and Affected Versions: String Locator plugin for WordPress versions up to, and including 2.5.0. Description: The issue allows deserialization of untrusted input via the string-locator-path parameter. This enables unauthenticated users to call files using a PHAR wrappe...
WordPress plugin String Locator code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
String Locator < 2.6.0 - Authenticated PHAR Deserialization
The plugin does not validate a parameter, which could lead to PHAR deserialisation when an attacker manages to upload a malicious file crafted with a suitable gadget chain and has a logged-in admin open a malicious link...
WordPress String Locator plugin <= 2.5.0 - Authenticated PHAR Deserialization vulnerability
Authenticated PHAR Deserialization vulnerability discovered by Rasoul Jahanshahi in WordPress String Locator plugin versions <= 2.5.0. Solution: Update the WordPress String locator plugin to the latest available version (at least 2.6.0)...
WordPress String locator plugin path traversal vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. WordPress plugin is an open source WordPress application plugin. A path traversal vulnerability exists in WordPress String locator plugin versions before 2.5.0; the vulnerability is derived from String locato...
CVE-2022-0493
The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server via a path traversal vector. Furthermore, due to a flaw in the search, allowing a pattern to be...
CVE-2022-0493
The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server via a path traversal vector. Furthermore, due to a flaw in the search, allowing a pattern to be...
CVE-2022-0493
CVE-2022-0493 affects the WordPress String Locator plugin prior to version 2.5.0. The vulnerability arises from insufficient validation of the file path during searches, permitting high-privilege users (e.g., admin) to perform path traversal and query arbitrary files on the web server. Additional...
CVE-2022-0493 String Locator < 2.5.0 - Admin+ Arbitrary File Read
The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server via a path traversal vector. Furthermore, due to a flaw in the search, allowing a pattern to be...
WordPress plugin String locator path traversal vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. WordPress plugin is an open source WordPress application plugin. A path traversal vulnerability exists in WordPress String locator plugin versions before 2.5.0; the vulnerability is derived from String locato...
WordPress String locator plugin <= 2.4.2 - Arbitrary File Read vulnerability
Arbitrary File Read vulnerability discovered by qerogram in WordPress String locator plugin versions <= 2.4.2. Solution: Update the WordPress String locator plugin to the latest available version (at least 2.5.0)...
tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
The URL pattern of "" (the empty string), which exactly maps to the context root, was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...