CVE-2022-2184: Path Traversal
First published: Mon Aug 01 2022(Updated: )
The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive require_once call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wpwhitesecurity Captcha 4wp | <7.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-2184?
CVE-2022-2184 is a vulnerability in the CAPTCHA 4WP WordPress plugin before version 7.1.0 that allows user input to reach a sensitive require_once call in one of its admin-side templates, which can be exploited to run arbitrary code on the server.
How does the CAPTCHA 4WP WordPress plugin before version 7.1.0 handle user input?
The CAPTCHA 4WP WordPress plugin before version 7.1.0 does not properly handle user input, allowing it to reach a sensitive require_once call in one of its admin-side templates.
What is the impact of CVE-2022-2184?
CVE-2022-2184 has a severity rating of 8.8 (high severity) and can be abused by attackers, via a Cross-Site Request Forgery attack, to run arbitrary code on the server.
How can an attacker exploit CVE-2022-2184?
An attacker can exploit CVE-2022-2184 by performing a Cross-Site Request Forgery attack and utilizing the vulnerability in the CAPTCHA 4WP WordPress plugin before version 7.1.0 to run arbitrary code on the server.
Is there a fix available for CVE-2022-2184?
Yes, a fix for CVE-2022-2184 is available in version 7.1.0 of the CAPTCHA 4WP WordPress plugin. It is recommended to update to this version to mitigate the vulnerability.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- vendor/wpwhitesecurity
- canonical/wpwhitesecurity captcha 4wp