CVE-2022-4031

Name of the Vulnerable Software and Affected Versions Simple:Press plugin for WordPress versions up to, and including, 6.8

Description The issue allows for arbitrary file modifications via the file parameter, which does not properly restrict files to be edited in the context of the plugin. This makes it possible for attackers with high-level permissions, such as an administrator, to supply paths to arbitrary files on the server that can be modified outside of the intended scope of the plugin.

Recommendations For versions up to, and including, 6.8, consider disabling the file parameter functionality until a patch is available to prevent arbitrary file modifications. Restrict access to the plugin's file editing functionality to minimize the risk of exploitation. Avoid using the file parameter in the affected plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.