Description
WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing directory traversal sequences and null bytes to bypass file restrictions and read sensitive files like system configuration.
Published: 2026-06-08
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files. The flaw arises from null byte injection in the path parameter of download-csv.php, enabling directory traversal sequences. This flaw is classified as CWE-22 and would grant attackers read access to sensitive files such as system configurations, potentially exposing confidential information and facilitating further attacks.

Affected Systems

The affected product is the WordPress plugin admin-word-count-column, version 2.2, which is publicly available on the WordPress plugin repository. The vulnerability is limited to this specific version; updates beyond 2.2 are not mentioned in the data, so any instance of 2.2 or earlier is vulnerable.

Risk and Exploitability

The CVSS base score of 6.9 indicates a moderate severity. Because the attack can be performed with a simple HTTP GET request to download-csv.php and requires no authentication, the exploitability is high for any web server hosting the vulnerable plugin. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, but the straightforward nature of the attack vector means that the risk remains substantial for exposed sites.

Generated by OpenCVE AI on June 8, 2026 at 03:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the plugin to the latest stable release that contains the fix or uninstall it if the functionality is no longer required.
  • Restrict direct access to download-csv.php or disable the feature that allows file path parameters, thereby preventing directory traversal.
  • Configure a web application firewall or input validation rule to block requests containing null bytes or directory traversal patterns targeting download-csv.php.

Generated by OpenCVE AI on June 8, 2026 at 03:21 UTC.
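As an added illustration of the last recommended action (example code written here, not code from the plugin or from OpenCVE), the following Python sketch applies two layers: an edge rule that flags path parameters sent to download-csv.php carrying null bytes, traversal segments (including double-encoded ones) or absolute paths, and a server-side confinement check that only serves files resolving under a fixed base directory. The request lines and the base directory are constructed assumptions, not values from the advisory.

```python
import os
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample request lines for exercising the rule; not taken from the advisory.
SAMPLE_REQUESTS = [
    "GET /wp-content/plugins/admin-word-count-column/download-csv.php?path=report.csv",
    "GET /wp-content/plugins/admin-word-count-column/download-csv.php?path=../../etc/passwd%00.csv",
    "GET /wp-content/plugins/admin-word-count-column/download-csv.php?path=..%252f..%252fwp-config.php",
    "GET /wp-content/plugins/other-plugin/page.php?path=../x",
]

# '..' as a whole path segment, with either separator
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so '..%252f' is seen as '../'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_request(line):
    """Edge rule: return (verdict, reason) for one 'METHOD URI' request line."""
    fields = line.split(" ", 2)
    if len(fields) < 2:
        return ("allow", "not a request line")
    parts = urlsplit(fields[1])
    if not parts.path.endswith("/download-csv.php"):
        return ("allow", "not the download endpoint")
    # parse_qs decodes one layer; fully_decode then catches double encoding
    for raw in parse_qs(parts.query, keep_blank_values=True).get("path", []):
        value = fully_decode(raw)
        if "\x00" in value:
            return ("block", "null byte in path parameter")
        if TRAVERSAL.search(value) or os.path.isabs(value):
            return ("block", "traversal or absolute path in path parameter")
    return ("allow", "path parameter looks safe")

def resolve_within(base_dir, requested):
    """Server-side confinement: real path of the file, or None if it escapes base_dir."""
    if "\x00" in requested:  # os.path functions raise on embedded nulls; reject early
        return None
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        return None
    return target
```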

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 15:30:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 08 Jun 2026 02:00:00 +0000

Type          Values Removed   Values Added
Description                    WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing directory traversal sequences and null bytes to bypass file restrictions and read sensitive files like system configuration.
Title                          WordPress Plugin admin-word-count-column 2.2 Local File Read
Weaknesses                     CWE-22
References
Metrics                        cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
                               cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-08T12:59:18.536Z

Reserved: 2026-01-11T13:34:26.332Z

Link: CVE-2022-50953

Vulnrichment

Updated: 2026-06-08T12:59:14.224Z

NVD

Status: Deferred

Published: 2026-06-08T02:16:22.647

Modified: 2026-06-08T14:59:44.750

Link: CVE-2022-50953

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-08T03:30:16Z

Weaknesses