What the vulnerability does
Description
Path Traversal: '.../...//' vulnerability in miniOrange Prevent files / folders access prevent-file-access allows Path Traversal. This issue affects Prevent files / folders access: from n/a through <= 2.6.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Explanation of Vulnerability in Simple Terms
The Prevent files / folders access plugin for WordPress contains an authorization flaw that allows authenticated users with low privileges to read sensitive files and folders they should not access. The vulnerability affects versions up to 2.6.0. An attacker with a standard user account can bypass access controls to view protected content without requiring additional user interaction.
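Why a filter can miss the '.../...//' pattern named in the description, and a containment check that does not rely on filtering, shown as an added PHP example. It is not the plugin's code (the page does not show how the plugin handles paths); the function names, directory layout and request value are constructed for illustration.

```php
<?php
// Added illustration; not code from the Prevent files / folders access plugin.
// All names, paths and the request value below are constructed.

// Weak filter: deletes "../" in a single pass and never re-checks its output,
// so characters on either side of a removed match can join into a new "../".
function strip_once(string $path): string
{
    return str_replace('../', '', $path);
}

// Containment check: canonicalise first, then require the result to sit
// under the protected base directory. Returns null when it does not.
function resolve_inside(string $base, string $requested): ?string
{
    $baseReal = realpath($base);
    $full     = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($baseReal === false || $full === false) {
        return null; // missing base or target: refuse
    }
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Constructed layout: one servable file, one file outside the served folder.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pt_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/served', 0700, true);
file_put_contents($root . '/served/report.txt', 'public');
file_put_contents($root . '/outside.txt', 'constructed private data');

$request  = '.../...//outside.txt';      // pattern named in the advisory
$filtered = strip_once($request);

printf("after single-pass filter: %s\n", $filtered);
printf("filter output still contains '../': %s\n",
    strpos($filtered, '../') !== false ? 'yes' : 'no');
printf("containment check on filtered value: %s\n",
    resolve_inside($root . '/served', $filtered) ?? 'rejected');
printf("containment check on report.txt: %s\n",
    resolve_inside($root . '/served', 'report.txt') ?? 'rejected');

// Clean up the constructed files.
unlink($root . '/served/report.txt');
unlink($root . '/outside.txt');
rmdir($root . '/served');
rmdir($root);
```

The containment check works on the resolved path, so it holds regardless of how the traversal sequence was spelled in the request.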
What an attacker can do
Read files and folders that should be restricted to higher-privilege users.
Potential impact on your site
Sensitive files and configuration data may be exposed to low-privilege users, compromising confidentiality of protected content.
Conditions required to exploit
Attacker must have a low-privilege user account (e.g., subscriber or contributor role) on the WordPress site.
Key dates
External resources