CVE-2022-2638
Export All URLs < 4.4 - Admin+ Arbitrary System File Removal
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
29 Aug 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary file from the server
Affected products
Unknown · Export All URLsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →