Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 09 Jun 2026 09:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Brooks24
Brooks24 admin-word-count-column Wordpress Wordpress wordpress |
|
| Vendors & Products |
Brooks24
Brooks24 admin-word-count-column Wordpress Wordpress wordpress |
Mon, 08 Jun 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 08 Jun 2026 02:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing directory traversal sequences and null bytes to bypass file restrictions and read sensitive files like system configuration. | |
| Title | WordPress Plugin admin-word-count-column 2.2 Local File Read | |
| Weaknesses | CWE-22 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-06-08T12:59:18.536Z
Reserved: 2026-01-11T13:34:26.332Z
Link: CVE-2022-50953
Updated: 2026-06-08T12:59:14.224Z
Status : Deferred
Published: 2026-06-08T02:16:22.647
Modified: 2026-06-08T14:59:44.750
Link: CVE-2022-50953
No data.
OpenCVE Enrichment
Updated: 2026-06-09T08:57:45Z