VYPR
Unrated severityNVD Advisory· Published Mar 28, 2022· Updated Aug 2, 2024No known patch

String Locator < 2.5.0 - Admin+ Arbitrary File Read

CVE-2022-0493

Description

The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server via a path traversal vector. Furthermore, due to a flaw in the search, allowing a pattern to be provided, which will be used to output the relevant matches from the matching file, all content of the file can be disclosed.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.