Headline
CVE-2022-35235: WordPress WPide plugin <= 2.6 - Authenticated Arbitrary File Read vulnerability - Patchstack
Authenticated (admin+) Arbitrary File Read vulnerability in the XplodedThemes WPide plugin (versions <= 2.6) for WordPress.
Verified
Fixed
CVSS 3.1 score: 4.9 (Medium severity)
PSID
0cd38e045367
Classification
Other Vulnerability Type
OWASP Top 10
A1: Injection
Required privilege
Requires authentication as a high-privilege user, such as an admin.
Publicly disclosed
2022-08-09
Details
An Authenticated Arbitrary File Read vulnerability was discovered by Brandon James Roldan (Patchstack Alliance) in the WordPress WPide plugin (versions <= 2.6).
Solution
Update the WordPress WPIDE – File Manager & Code Editor plugin to the latest available version (at least 3.0).