2 matches found
CVE-2022-4030
The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the 'file' parameter which can be manipulated during user avatar deletion. This makes it possible with attackers, with minimal permissions such as a subscriber, to supply paths to...
CVE-2022-4030
The CVE-2022-4030 entry concerns the WordPress Simple:Press plugin (versions up to 6.8). It describes a path-traversal flaw in the file parameter used during user avatar deletion, which could allow an attacker with minimal privileges (e.g., a subscriber) to reference and delete arbitrary server f...