The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack for example
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-10-10T00:00:00

Updated: 2024-08-03T00:39:08.043Z

Reserved: 2022-07-27T00:00:00

Link: CVE-2022-2554

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-10-10T21:15:10.687

Modified: 2024-11-21T07:01:14.453

Link: CVE-2022-2554

cve-icon Redhat

No data.