What is CVE-2022-0493?

CVE-2022-0493 is a vulnerability in the String locator WordPress plugin before version 2.5.0 that allows high privilege users to query arbitrary files on the web server via a path traversal vector.

How does CVE-2022-0493 affect WordPress?

CVE-2022-0493 affects the String locator WordPress plugin before version 2.5.0, allowing high privilege users to query arbitrary files on the web server.

How severe is CVE-2022-0493?

CVE-2022-0493 has a severity rating of 4.9 (medium).

How can I fix CVE-2022-0493?

To fix CVE-2022-0493, upgrade to version 2.5.0 or later of the String locator WordPress plugin.

Where can I find more information about CVE-2022-0493?

You can find more information about CVE-2022-0493 on the official WordPress plugin directory and WPScan vulnerability database.

Vulnerability/
CVE-2022-0493

medium

4.9

CWE

28/3/2022

2/8/2024

CVE-2022-0493: String Locator < 2.5.0 - Admin+ Arbitrary File Read

First published: Mon Mar 28 2022(Updated: )

The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server via a path traversal vector. Furthermore, due to a flaw in the search, allowing a pattern to be provided, which will be used to output the relevant matches from the matching file, all content of the file can be disclosed.

Credit: contact@wpscan.com

Affected Software	Affected Version	How to fix
String Locator	<2.5.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-0493?
CVE-2022-0493 is a vulnerability in the String locator WordPress plugin before version 2.5.0 that allows high privilege users to query arbitrary files on the web server via a path traversal vector.
How does CVE-2022-0493 affect WordPress?
CVE-2022-0493 affects the String locator WordPress plugin before version 2.5.0, allowing high privilege users to query arbitrary files on the web server.
How severe is CVE-2022-0493?
CVE-2022-0493 has a severity rating of 4.9 (medium).
How can I fix CVE-2022-0493?
To fix CVE-2022-0493, upgrade to version 2.5.0 or later of the String locator WordPress plugin.
Where can I find more information about CVE-2022-0493?
You can find more information about CVE-2022-0493 on the official WordPress plugin directory and WPScan vulnerability database.

agent/type
agent/references
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/title
agent/last-modified-date
agent/severity
agent/author
agent/weakness
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/string locator project
canonical/string locator

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.