CVE-2022-2638

MEDIUM

WordPress Plugin <4.4 - Path Traversal

Title source: llm

Description

The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary file from the server

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/70840a72-ccdc-4eee-9ad2-874809e5de11

Scores

CVSS v3 6.5

EPSS 0.0040

EPSS Percentile 60.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Classification

CWE

CWE-610 CWE-73

Status published

Affected Products (1)

atlasgondal/export_all_urls < 4.4

Timeline

Published Aug 29, 2022

Tracked Since Feb 18, 2026