The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/165434/WordPress-The-True-Ranker-2.2.2-Arbitrary-File-Read.html | Exploit Third Party Advisory VDB Entry |
https://plugins.trac.wordpress.org/browser/seo-local-rank/tags/2.2.2/admin/vendor/datatables/examples/resources/examples.php | Third Party Advisory |
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39312 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2021-12-13T00:00:00
Updated: 2022-01-05T18:06:06
Reserved: 2021-08-20T00:00:00
Link: CVE-2021-39312
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-12-14T16:15:08.597
Modified: 2022-02-28T20:48:49.893
Link: CVE-2021-39312
JSON object: View
Redhat Information
No data.
CWE