CVE-2022-4030
Published: 29 November 2022
Summary
CVE-2022-4030 is a high-severity Path Traversal (CWE-22) vulnerability in the Simple-Press Simple:Press plugin. Its CVSS base score is 8.1 (High).
Operationally, it ranks in the top 9.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
The Simple:Press plugin for WordPress is affected by a path traversal vulnerability (CWE-22) in versions up to and including 6.8. The flaw resides in the handling of the 'file' parameter during user avatar deletion operations, allowing manipulation of file paths on the underlying server.
An attacker with minimal privileges, such as a subscriber-level WordPress account, can supply arbitrary paths to trigger deletion of sensitive files including wp-config.php. Successful exploitation can disable the site configuration and enable remote code execution by allowing the attacker to reconfigure the installation.
Public references from Wordfence and the plugin's Trac repository document the issue and point to a patched changeset (revision 2804020) that addresses the parameter handling. Site administrators should apply the available plugin update to eliminate the traversal vector.
The associated EPSS score has remained flat at 0.0597 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-51409
Vulnerability details
The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the 'file' parameter, which can be manipulated during user avatar deletion. This makes it possible for attackers with minimal permissions, such as a subscriber, to supply paths to arbitrary files on the server that will subsequently be deleted. This can be used to delete the wp-config.php file, which can allow an attacker to configure the site and achieve remote code execution.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.
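The control above, applied to a delete-by-filename handler like the avatar deletion described on this page, as an added example. It is not Simple:Press code and not the fix from changeset 2804020; the function name `delete_avatar_safely`, the extension list and the demo directory layout are assumptions.

```php
<?php
// Hypothetical helper: not Simple:Press code and not the plugin's actual patch.
// Deletes an avatar only if the resolved path stays inside the avatar directory.
function delete_avatar_safely(string $avatarDir, string $file): bool
{
    // Treat the request value as a bare filename: basename() drops directory parts.
    $name = basename(str_replace('\\', '/', $file));
    if ($name === '' || $name === '.' || $name === '..' || $name !== $file) {
        return false; // the value was more than a plain filename
    }
    // Allow only extensions an avatar image can have (assumed list).
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        return false;
    }
    // Resolve symlinks, then require the target to sit under the canonical base.
    $base   = realpath($avatarDir);
    $target = realpath($avatarDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $target === false) {
        return false; // directory or file does not exist
    }
    if (strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return false; // resolved path escaped the avatar directory
    }
    return is_file($target) && unlink($target);
}

// Constructed demo: a temporary directory stands in for a WordPress install.
$root = sys_get_temp_dir() . '/sp-demo-' . bin2hex(random_bytes(4));
mkdir("$root/avatars", 0700, true);
file_put_contents("$root/wp-config.php", "<?php // constructed stand-in\n");
file_put_contents("$root/avatars/user7.png", 'constructed image bytes');

// A traversal value is refused; a plain avatar filename is deleted.
var_dump(delete_avatar_safely("$root/avatars", '../wp-config.php'));
var_dump(delete_avatar_safely("$root/avatars", 'user7.png'));
// The configuration file outside the avatar directory is still present.
var_dump(file_exists("$root/wp-config.php"));

// Remove the constructed demo files.
unlink("$root/wp-config.php");
rmdir("$root/avatars");
rmdir($root);
```

A real handler would additionally confirm that the filename is the avatar recorded for the requesting user before deleting it.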