5 matches found
CVE-2022-2554
The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack for example...
CVE-2022-2554
creationtimestamp| type| source ---|---|--- 2023-12-11 14:06:40+00:00| seen| https://t.me/arpsyndicate/1750...
WordPress Enable Media Replace Plugin < 4.0.0 Path Traversal Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:shortpixel:enablemediareplace"; if description...
CVE-2022-2554
The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack for example...
CVE-2022-2554
The CVE-2022-2554 entry concerns the WordPress plugin Enable Media Replace (versions before 4.0.0). The root cause is that renamed files are not reliably moved into the Upload folder, enabling path traversal to place files outside the Upload directory, potentially in web root. Impact stated in so...