Main Vulnerability Database SB2018031615

SB2018031615 - Path traversal in WordPress Site Editor

Published: March 16, 2018 Updated: December 6, 2022

Security Bulletin ID SB2018031615

Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Path traversal (CVE-ID: CVE-2018-7422)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to insufficient sanitization of user-supplied input submitted to the ajax_path parameter that is processed by the editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php code. A remote attacker can send a specially crafted request that submits malicious input, conduct directory traversal attack access arbitrary files on the system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

http://seclists.org/fulldisclosure/2018/Mar/40