CVE-2021-39312

True Ranker <= 2.2.2 - Directory Traversal/Arbitrary File Read

highImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

7.5

CVSS Score

7.5

CVSS Score

high

Severity

2.2.4

Patched in

770d

Time to patch

Description

The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file.

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

High

Confidentiality

None

Integrity

None

Availability

Technical Details

Affected versions<=2.2.2

PublishedDecember 13, 2021

Last updatedJanuary 22, 2024

Affected pluginseo-local-rank

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/0ce8ed18-2164-4b5a-b1d3-fda8d348ebf9?source=api-prod

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.

Run free audit Browse CVE database