cbcvebase.
CVE-2022-4031
published 2022-11-29

CVE-2022-4031: The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does…

PriorityP427medium4.9CVSS 3.1
AVNACLPRHUINSUCNIHAN
EPSS
0.67%
47.3th percentile
The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does not properly restrict files to be edited in the context of the plugin. This makes it possible with attackers, with high-level permissions such as an administrator, to supply paths to arbitrary files on the server that can be modified outside of the intended scope of the plugin.

Affected

2 ranges
VendorProductVersion rangeFixed in
simple-presssimple<= 6.8.0
simplepresssimple_press_forum<= 6.8
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.