Path Traversal in Admin Word Count Column

CVE-2022-1390

The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on a server running an old version of PHP susceptible to the…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.911 (99.7th percentile)

Affected products

  • Unknown Admin Word Count Column — versions 2.2

Frequently asked questions

What is CVE-2022-1390?
CVE-2022-1390 is a vulnerability in Admin Word Count Column, classified under Path Traversal. Published 2022-04-25.

Is CVE-2022-1390 known to be exploited?
3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.