CVE-2022-0493

Name of the Vulnerable Software and Affected Versions String locator WordPress plugin versions prior to 2.5.0

Description The issue allows high privilege users, such as admins, to query arbitrary files on the web server via a path traversal vector due to improper validation of the path of files to be searched. Additionally, a flaw in the search function allows a pattern to be provided, which can be used to output relevant matches from the matching file, potentially disclosing all content of the file.

Recommendations For versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the search function to minimize the risk of exploitation. Avoid using the pattern search feature in the affected plugin until the issue is resolved.