CVE-2018-7422

EPSS 63.1%

A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path traversal.

Affected products

n/a · n/a

public PoCs found — 5

githubgithub.com/0x00-0x00/CVE-2018-7422★ 1 githubgithub.com/ndr-repo/CVE-2018-7422★ 1 githubgithub.com/nguyenduytoi/CVE-2018-7422★ 0 cve_referencewww.exploit-db.com/exploits/44340/unverified exploitdbwww.exploit-db.com/exploits/44340unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://seclists.org/fulldisclosure/2018/Mar/40 https://wpvulndb.com/vulnerabilities/9044 https://www.exploit-db.com/exploits/44340/