What the vulnerability does
01Description
Path Traversal: '.../...//' vulnerability in WordPress.org Health Check & Troubleshooting health-check allows Path Traversal.This issue affects Health Check & Troubleshooting: from n/a through <= 1.7.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Path Traversal: '.../...//' vulnerability in WordPress.org Health Check & Troubleshooting health-check allows Path Traversal.This issue affects Health Check & Troubleshooting: from n/a through <= 1.7.1.
Explanation of Vulnerability in Simple Terms
The Health Check & Troubleshooting plugin for WordPress contains an information disclosure vulnerability affecting versions up to 1.7.1. An authenticated administrator with high privileges can access sensitive diagnostic information that should be restricted. The vulnerability does not allow data modification or system unavailability, but exposes confidential site details to privileged users.
What an attacker can do
Read sensitive diagnostic and configuration information from the site.
Potential impact on your site
Administrators with malicious intent or compromised admin accounts can view confidential site diagnostics and configuration data.
Conditions required to exploit
Attacker must have administrator-level access to the WordPress site.
Key dates
External resources
Related vulnerabilities