CVE-2022-1391

CRITICAL EXPLOITED NUCLEI

Kanev Cab Fare Calculator < 1.0.4 - Path Traversal

Title source: rule

Description

The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.

Nuclei Templates (1)

WordPress Cab fare calculator < 1.0.4 - Local File Inclusion

CRITICALby Splint3r7

References (2)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/680121fe-6668-4c1a-a30d-e70dd9be5aac

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/166533/

Scores

CVSS v3 9.8

EPSS 0.6671

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-06-09

CWE

CWE-22

Status published

Products (1)

kanev/cab_fare_calculator < 1.0.4

Published Apr 25, 2022

Tracked Since Feb 18, 2026