CVE-2022-1392

HIGH NUCLEI

Commoninja Videos Sync Pdf < 1.7.4 - Path Traversal

Title source: rule

Description

The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues

Nuclei Templates (1)

WordPress Videos sync PDF <=1.7.4 - Local File Inclusion

HIGHVERIFIEDby Veshraj

References (2)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/fe3da8c1-ae21-4b70-b3f5-a7d014aa3815

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/166534/

Scores

CVSS v3 7.5

EPSS 0.5089

EPSS Percentile 97.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

commoninja/videos_sync_pdf < 1.7.4

Published Apr 25, 2022

Tracked Since Feb 18, 2026