CVE-2022-2557

CVE-2022-2557: WordPress Team Members Showcase < 4.1.2 - Subscriber+ Arbitrary File Read and Deletion

Vendor Unknown
Product Team – WordPress Team Members Showcase Plugin
Weakness CWE-22 · Path traversal
Published August 22, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Team WordPress plugin before 4.1.2 contains a file which could allow any authenticated users to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is returned to the user

Key dates

02Disclosure timeline

August 22, 2022 CVE published
August 3, 2024 Record updated