SecuritySpace - CVE-2022-2554

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2022-2554

Description: The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack for example

Test IDs: 1.3.6.1.4.1.25623.1.0.127505

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2022-2554
https://wpscan.com/vulnerability/5872f4bf-f423-4ace-b8b6-d4cc4f6ca8d9
https://wpscan.com/vulnerability/5872f4bf-f423-4ace-b8b6-d4cc4f6ca8d9

CVE ID:	CVE-2022-2554
Description:	The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack for example
Test IDs:	1.3.6.1.4.1.25623.1.0.127505
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2022-2554 https://wpscan.com/vulnerability/5872f4bf-f423-4ace-b8b6-d4cc4f6ca8d9 https://wpscan.com/vulnerability/5872f4bf-f423-4ace-b8b6-d4cc4f6ca8d9