cleantalk
Vulnerabilities and Security Researches

Simple:Press Forum, CVE-2022-4030

CVE, Research URL

CVE-2022-4030

Home page URL

Security reports for Simple:Press Forum

Application

Simple:Press Forum

Published on
Nov 30, 2022
Research Description
The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the 'file' parameter which can be manipulated during user avatar deletion. This makes it possible with attackers, with minimal permissions such as a subscriber, to supply paths to arbitrary files on the server that will subsequently be deleted. This can be used to delete the wp-config.php file that can allow an attacker to configure the site and achieve remote code execution.
Affected versions
Min -, max 6.8.1.
Status
vulnerable
Previous vulnerability researches
Simple:Press Forum (CVE-2025-31386) , Apr 03, 2025
Simple:Press Forum (CVE-2024-10483) , Feb 28, 2025
Simple:Press Forum (CVE-2024-13518) , Mar 03, 2025
Simple:Press Forum (CVE-2024-12409) , Feb 01, 2025
Simple:Press Forum (CVE-2022-4031) , Jun 06, 2024
New vulnerability
Team Circle Image Slider With Lightbox (CVE-2019-25223) , Apr 09, 2025
WPFront User Role Editor (CVE-2025-3064) , Apr 09, 2025
Simple WP Events (CVE-2025-2004) , Apr 09, 2025
Advanced Advertising System (CVE-2025-3433) , Apr 09, 2025
Melhor Envio (CVE-2024-13820) , Apr 09, 2025