cnvd - cnvd-2022-85055

cnvd-2022-85055

Vulnerability from cnvd

Title: WordPress Simple:Press plugin任意文件修改漏洞

Description:

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。

WordPress Simple:Press plugin6.8及其之前版本存在任意文件修改漏洞，该漏洞源于“file”参数未能对插件上下文中编辑的文件进行正确地限制。具有较高权限的攻击者可利用此漏洞修改服务器上任意文件。

Severity: 中

Patch Name: WordPress Simple:Press plugin任意文件修改漏洞的补丁

Patch Description:

WordPress Simple:Press plugin6.8及其之前版本存在任意文件修改漏洞，该漏洞源于“file”参数未能对插件上下文中编辑的文件进行正确地限制。具有较高权限的攻击者可利用此漏洞修改服务器上任意文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4031

Reference: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2804020%40simplepress&new=2804020%40simplepress&sfp_email=&sfph_mail=

Impacted products

Name
WordPress Simple:Press plugin <=6.8

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-4031",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-4031"
    }
  },
  "description": "WordPress\u548cWordPress plugin\u90fd\u662fWordPress\u57fa\u91d1\u4f1a\u7684\u4ea7\u54c1\u3002WordPress\u662f\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002WordPress plugin\u662f\u4e00\u4e2a\u5e94\u7528\u63d2\u4ef6\u3002\n\nWordPress Simple:Press plugin6.8\u53ca\u5176\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4fee\u6539\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u201cfile\u201d\u53c2\u6570\u672a\u80fd\u5bf9\u63d2\u4ef6\u4e0a\u4e0b\u6587\u4e2d\u7f16\u8f91\u7684\u6587\u4ef6\u8fdb\u884c\u6b63\u786e\u5730\u9650\u5236\u3002\u5177\u6709\u8f83\u9ad8\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u4fee\u6539\u670d\u52a1\u5668\u4e0a\u4efb\u610f\u6587\u4ef6\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1ahttps://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4031",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-85055",
  "openTime": "2022-11-29",
  "patchDescription": "WordPress\u548cWordPress plugin\u90fd\u662fWordPress\u57fa\u91d1\u4f1a\u7684\u4ea7\u54c1\u3002WordPress\u662f\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002WordPress plugin\u662f\u4e00\u4e2a\u5e94\u7528\u63d2\u4ef6\u3002\r\n\r\nWordPress Simple:Press plugin6.8\u53ca\u5176\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4fee\u6539\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u201cfile\u201d\u53c2\u6570\u672a\u80fd\u5bf9\u63d2\u4ef6\u4e0a\u4e0b\u6587\u4e2d\u7f16\u8f91\u7684\u6587\u4ef6\u8fdb\u884c\u6b63\u786e\u5730\u9650\u5236\u3002\u5177\u6709\u8f83\u9ad8\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u4fee\u6539\u670d\u52a1\u5668\u4e0a\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "WordPress Simple:Press plugin\u4efb\u610f\u6587\u4ef6\u4fee\u6539\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "WordPress Simple:Press plugin \u003c=6.8"
  },
  "referenceLink": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2804020%40simplepress\u0026new=2804020%40simplepress\u0026sfp_email=\u0026sfph_mail=",
  "serverity": "\u4e2d",
  "submitTime": "2022-11-30",
  "title": "WordPress Simple:Press plugin\u4efb\u610f\u6587\u4ef6\u4fee\u6539\u6f0f\u6d1e"
}

CVE-2022-4031 (GCVE-0-2022-4031)

Vulnerability from cvelistv5

Published

2022-11-29 20:15

Modified

2025-01-23 21:23

Severity ?

3.8 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

CWE

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Summary

The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does not properly restrict files to be edited in the context of the plugin. This makes it possible with attackers, with high-level permissions such as an administrator, to supply paths to arbitrary files on the server that can be modified outside of the intended scope of the plugin.

References

▼	URL	Tags
	https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2804020%40simplepress&new=2804020%40simplepress&sfp_email=&sfph_mail=
	https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4031

Impacted products

	Vendor	Product	Version
	simplepress	Simple:Press – WordPress Forum Plugin	Version: * ≤ 6.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:27:53.978Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2804020%40simplepress\u0026new=2804020%40simplepress\u0026sfp_email=\u0026sfph_mail="
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4031"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-4031",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-23T21:23:04.811211Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-23T21:23:30.526Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Simple:Press \u2013 WordPress Forum Plugin",
          "vendor": "simplepress",
          "versions": [
            {
              "lessThanOrEqual": "6.8",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Luca Greeb"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Andreas Kr\u00fcger"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the \u0027file\u0027 parameter which does not properly restrict files to be edited in the context of the plugin. This makes it possible with attackers, with high-level permissions such as an administrator, to supply paths to arbitrary files on the server that can be modified outside of the intended scope of the plugin."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/A:L/I:L/C:N/S:U/UI:N/PR:H/AC:L/AV:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-29T20:15:59.914Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2804020%40simplepress\u0026new=2804020%40simplepress\u0026sfp_email=\u0026sfph_mail="
        },
        {
          "url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4031"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2022-11-29T00:00:00.000+00:00",
          "value": "Disclosed"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2022-4031",
    "datePublished": "2022-11-29T20:15:59.914Z",
    "dateReserved": "2022-11-16T18:30:39.041Z",
    "dateUpdated": "2025-01-23T21:23:30.526Z",
    "requesterUserId": "8d345d3f-a59e-4410-a440-fac6e918fcfc",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted