How severe is CVE-2022-2431?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2022-2431?

This is classified as CWE-73, which is a common weakness in software security.

CVE-2022-2431 - HIGH Severity | CVSS 8.8

Vulnerability Description

The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. This is due to insufficient file type and path validation on the deleteFiles() function found in the ~/Admin/Menu/Packages.php file that triggers upon download post deletion. This makes it possible for contributor level users and above to supply an arbitrary file path via the 'file[files]' parameter when creating a download post and once the user deletes the post the supplied arbitrary file will be deleted. This can be used by attackers to delete the /wp-config.php file which will reset the installation and make it possible for an attacker to achieve remote code execution on the server.

Related Vulnerabilities

CVE-2020-25161

HIGH

CVSS:8.8(High)

The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administ...

CWE-732020

CVE-2021-3626

HIGH

CVSS:8.8(High)

The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege es...

CWE-732021

CVE-2022-31739

HIGH

CVSS:8.8(High)

When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %...

CWE-732022

CVE-2023-35985

HIGH

CVSS:8.8(High)

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted mal...

CWE-732023

CVE-2023-36634

HIGH

CVSS:8.8(High)

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions...

CWE-732023

CVE-2023-36764

HIGH

CVSS:8.8(High)

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CWE-732023