CVE-2022-4030 - OpenCVE

The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the 'file' parameter which can be manipulated during user avatar deletion. This makes it possible with attackers, with minimal permissions such as a subscriber, to supply paths to arbitrary files on the server that will subsequently be deleted. This can be used to delete the wp-config.php file that can allow an attacker to configure the site and achieve remote code execution.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Simple-press	Simple\

Configuration 1 [-]

cpe:2.3:a:simple-press:simple\:press:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2804020%40simplepress&new=2804020%40simplepress&sfp_email=&sfph_mail=
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4030

History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2022-11-29T20:13:25.260Z

Updated: 2024-08-03T01:27:54.162Z

Reserved: 2022-11-16T18:29:59.720Z

Link: CVE-2022-4030

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-11-29T21:15:11.970

Modified: 2023-11-07T03:56:45.093

Link: CVE-2022-4030

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-4030", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "requesterUserId": "8d345d3f-a59e-4410-a440-fac6e918fcfc", "dateReserved": "2022-11-16T18:29:59.720Z", "datePublished": "2022-11-29T20:13:25.260Z", "dateUpdated": "2024-08-03T01:27:54.162Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2022-11-29T20:13:25.260Z"}, "affected": [{"vendor": "simplepress", "product": "Simple:Press \u2013 WordPress Forum Plugin", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "6.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the 'file' parameter which can be manipulated during user avatar deletion. This makes it possible with attackers, with minimal permissions such as a subscriber, to supply paths to arbitrary files on the server that will subsequently be deleted. This can be used to delete the wp-config.php file that can allow an attacker to configure the site and achieve remote code execution."}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2804020%40simplepress&new=2804020%40simplepress&sfp_email=&sfph_mail="}, {"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4030"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/A:H/I:H/C:N/S:U/UI:N/PR:L/AC:L/AV:N", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Luca Greeb"}, {"lang": "en", "type": "finder", "value": "Andreas Kr\u00fcger"}], "timeline": [{"time": "2022-11-29T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:27:54.162Z"}, "title": "CVE Program Container", "references": [{"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2804020%40simplepress&new=2804020%40simplepress&sfp_email=&sfph_mail=", "tags": ["x_transferred"]}, {"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4030", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:simple-press:simple\\:press:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9688DEED-8EBB-431A-A73A-53A11066FB21", "versionEndIncluding": "6.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the 'file' parameter which can be manipulated during user avatar deletion. This makes it possible with attackers, with minimal permissions such as a subscriber, to supply paths to arbitrary files on the server that will subsequently be deleted. This can be used to delete the wp-config.php file that can allow an attacker to configure the site and achieve remote code execution."}, {"lang": "es", "value": "El complemento Simple:Press para WordPress es vulnerable a Path Traversal en versiones hasta la 6.8 incluida a trav\u00e9s del par\u00e1metro 'file' que puede manipularse durante la eliminaci\u00f3n del avatar del usuario. Esto hace posible que los atacantes, con permisos m\u00ednimos, como un suscriptor, proporcionen rutas a archivos arbitrarios en el servidor que posteriormente se eliminar\u00e1n. Esto se puede utilizar para eliminar el archivo wp-config.php que puede permitir a un atacante configurar el sitio y lograr la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2022-4030", "lastModified": "2023-11-07T03:56:45.093", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2022-11-29T21:15:11.970", "references": [{"source": "security@wordfence.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2804020%40simplepress&new=2804020%40simplepress&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4030"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}