3 matches found
CVE-2022-0493
The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server via a path traversal vector. Furthermore, due to a flaw in the search, allowing a pattern to be...
CVE-2022-0493
CVE-2022-0493 affects the WordPress String Locator plugin prior to version 2.5.0. The vulnerability arises from insufficient validation of the file path during searches, permitting high-privilege users (e.g., admin) to perform path traversal and query arbitrary files on the web server. Additional...
CVE-2022-0493 String Locator < 2.5.0 - Admin+ Arbitrary File Read
The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server via a path traversal vector. Furthermore, due to a flaw in the search, allowing a pattern to be...