CVE-2022-2554: Enable Media Replace < 4.0.0 - Admin+ Path Traversal
First published: Mon Oct 10 2022(Updated: )
The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack for example
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Shortpixel Enable Media Replace | <4.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-2554?
CVE-2022-2554 is a vulnerability in the Enable Media Replace WordPress plugin that allows high privilege users to move renamed files outside of the web root directory.
How severe is CVE-2022-2554?
CVE-2022-2554 has a severity rating of 4.9, which is considered medium.
What is the affected software for CVE-2022-2554?
The affected software for CVE-2022-2554 is the Enable Media Replace WordPress plugin version up to 4.0.0.
What is the CWE of CVE-2022-2554?
The CWE of CVE-2022-2554 is CWE-22.
How can I fix CVE-2022-2554?
To fix CVE-2022-2554, update the Enable Media Replace WordPress plugin to version 4.0.0 or higher.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/title
- agent/severity
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/shortpixel
- canonical/shortpixel enable media replace