Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-0679
CVE-2022-0679:
WordPress vulnerability analysis and mitigation
Overview
CVE-2022-0679 is a vulnerability discovered in the Narnoo Distributor WordPress plugin versions through 2.5.1. The vulnerability was disclosed on March 1, 2022, and involves a path traversal issue where the plugin fails to properly validate and sanitize the lib_path parameter (NVD, WPScan).
Technical details
The vulnerability exists in the narnoodistributorlibrequest AJAX action, which is accessible to both authenticated and unauthenticated users. The plugin fails to properly validate and sanitize the libpath parameter before passing it into a require() function call. This implementation flaw allows for Local File Inclusion (LFI) attacks. The vulnerability has been assigned a CVSS score of 8.6 (High) (WPScan).
Impact
The vulnerability allows attackers to read arbitrary files from the system as the content is displayed in the JSON response. Additionally, under certain system configurations, this vulnerability could potentially lead to Remote Code Execution (RCE) through various exploitation techniques (WPScan).
Additional resources
Source: This report was generated using AI
Related WordPress vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management