CVE-2022-4031

LOW

Simple:Press <6.8 - Privilege Escalation

Title source: llm

Description

The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does not properly restrict files to be edited in the context of the plugin. This makes it possible with attackers, with high-level permissions such as an administrator, to supply paths to arbitrary files on the server that can be modified outside of the intended scope of the plugin.

References (3)

Core 3

Core References

Patch, Third Party Advisory

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2804020%40simplepress&new=2804020%40simplepress&sfp_email=&sfph_mail=

Third Party Advisory

https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4031

https://www.wordfence.com/threat-intel/vulnerabilities/id/1ead1a18-9429-472e-9e88-e792eaa23ae9?source=cve

Scores

CVSS v3 3.8

EPSS 0.0067

EPSS Percentile 47.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (2)

simple-press/simple\ < 6.8.0

simplepress/Simple:Press Forum < 6.8

Published Nov 29, 2022

Tracked Since Feb 18, 2026