CVE-2022-35235: WordPress WPide plugin <= 2.6 - Authenticated Arbitrary File Read vulnerability
First published: Tue Aug 09 2022(Updated: )
Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress.
Credit: audit@patchstack.com audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xplodedthemes Wpide - File Manager \& Code Editor | <3.0 |
Remedy
Update to 3.0 or higher version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-35235.
What is the severity of CVE-2022-35235?
The severity of CVE-2022-35235 is medium with a severity value of 4.9.
What is affected by CVE-2022-35235?
The XplodedThemes WPide plugin version 2.6 and below at WordPress is affected by CVE-2022-35235.
How can an attacker exploit CVE-2022-35235?
An attacker with admin+ privileges can exploit CVE-2022-35235 to read arbitrary files on the affected system.
Is there a patch available for CVE-2022-35235?
Yes, a patch is available for CVE-2022-35235. Please refer to the reference links for more information.
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/title
- agent/weakness
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/xplodedthemes
- canonical/xplodedthemes wpide - file manager \& code editor