CVE-2022-35235 – WordPress WPide plugin <= 2.6 - Authenticated Arbitrary File Read vulnerability
https://notcve.org/view.php?id=CVE-2022-35235
Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress. Una vulnerabilidad de Lectura Arbitraria de Archivos Autenticada (admin+) en el plugin WPide de XplodedThemes versiones anteriores a 2.6 incluyéndola, en WordPress. The plugin WPide for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 2.6. This makes it possible for authenticated users, with administrative privileges or higher, to read any file on the server. • https://patchstack.com/database/vulnerability/wpide/wordpress-wpide-plugin-2-6-authenticated-arbitrary-file-read-vulnerability https://wordpress.org/plugins/wpide/#developers • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •