CVE-2022-29446 — Files or Directories Accessible to External Parties in Counter BOX

CWE-552 — Files or Directories Accessible to External Parties3 documents3 sources

Severity

7.2HIGHNVD

CNA6.8

EPSS

0.7%

top 28.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wow-company Counter BOX

Timeline

PublishedMay 19

Latest updateMay 20

Description

Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at WordPress.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5wow-company/counter_box1.1.1

▶NVDwow-company/counter_box1.1.1

🔴Vulnerability Details

GHSA

GHSA-jjq4-4rfq-9948: Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1↗2022-05-20

▶

CVEList

WordPress Counter Box plugin <= 1.1.1 - Authenticated Local File Inclusion (LFI) vulnerability↗2022-05-19

▶