Description

WordPress Plugin True Ranker is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin True Ranker version 2.2.2 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.2.4 or latest

References

https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39312

https://plugins.trac.wordpress.org/changeset/2641857/

Related Vulnerabilities

WordPress Plugin WP Editor Arbitrary File Upload (1.2.5.3)

WordPress Plugin Calculated Fields Form Multiple SQL Injection Vulnerabilities (1.0.10)

WordPress Plugin Simple:Press Security Bypass and Arbitrary File Upload Vulnerabilities (4.1.2)

WordPress Plugin CMS Tree Page View 'cms_tpv_view' Parameter Cross-Site Scripting (0.8.8)

WordPress Plugin Cookie Notice & Consent Banner for GDPR & CCPA Compliance Cross-Site Scripting (1.7.1)

Severity

High

Classification

CVE-2021-39312 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Directory Traversal