[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fx256pOcoveJm3IdHH-GzIyVsKJvrjAFxFOVhSL3W0N0":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2022-2557","team-wordpress-team-member-showcase-plugin-directory-traversal-to-arbitrary-file-readdeletion","Team - WordPress Team Member Showcase Plugin \u003C= 4.1.1 - Directory Traversal to Arbitrary File Read\u002FDeletion","The Team - WordPress Team Member Showcase Plugin for WordPress is vulnerable to directory traversal via the 'resources\u002Fdownload.php' file. This allows authenticated attackers to download a copy of any file on the server, and then delete the original from the server, granted the 'wp-content\u002Fplugins\u002Ftlp-team\u002Ftemp' folder exists. This folder is not currently generated by default in the free version of the plugin, but in cases where it exists it is possible for an attacker to completely take over a site by deleting wp-config.php and reinstalling WordPress, while simultaneously obtaining credentials to the existing database.","tlp-team",null,"\u003C=4.1.1","4.1.2","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","2022-07-29 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F497cfc87-85ac-41d0-aeea-63c5fc64db0d?source=api-prod",543]