CVE-2022-1390

CVE-2022-1390: Admin Word Count Column <= 2.2 - Unauthenticated Arbitrary File Read

Vendor Unknown
Product Admin Word Count Column
Weakness CWE-22 · Path traversal
Published April 25, 2022
Last update August 3, 2024

What the vulnerability does

01 Description

The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on servers running old versions of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique.
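A defensive check for a path that ends up in readfile(), covering the null byte and stream wrapper cases named in the description. This is an added example, not the plugin's code; the function name `resolve_served_file()`, the directory layout and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example: validate a user-supplied path before it reaches readfile().
// resolve_served_file() and the base directory are hypothetical names.

function resolve_served_file(string $requested, string $baseDir): ?string
{
    // Null bytes truncate paths on old PHP versions; never accept them.
    if (strpos($requested, "\0") !== false) {
        return null;
    }
    // Reject stream wrappers (phar://, php://, ...): opening a phar:// path
    // can deserialize archive metadata on older PHP versions.
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $requested)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves ".." and symlinks; false means the file is absent.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false) {
        return null;
    }
    // Containment: the resolved file must sit under the base directory.
    if (strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($full) ? $full : null;
}

// Constructed demo: one servable file, and one file outside the served directory.
$root = sys_get_temp_dir() . '/awcc_demo_' . getmypid();
mkdir("$root/public", 0700, true);
file_put_contents("$root/public/report.txt", "word counts\n");
file_put_contents("$root/secret.txt", "not for download\n");

$cases = ['report.txt', '../secret.txt', "report.txt\0.png", 'phar://report.txt/x'];
foreach ($cases as $case) {
    $ok = resolve_served_file($case, "$root/public");
    printf("%-24s => %s\n", addcslashes($case, "\0"), $ok === null ? 'rejected' : 'served');
}
```

Only the first constructed input resolves to a file inside the served directory; the other three are rejected before any file is opened.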

Key dates

02 Disclosure timeline

April 25, 2022 CVE published
August 3, 2024 Record updated