cleantalk
Vulnerabilities and Security Researches

String locator, CVE-2022-0493

CVE, Research URL

CVE-2022-0493

Home page URL

Security reports for String locator

Application

String locator

Published on
Mar 28, 2022
Research Description
The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server via a path traversal vector. Furthermore, due to a flaw in the search, allowing a pattern to be provided, which will be used to output the relevant matches from the matching file, all content of the file can be disclosed.
Affected versions
Min -, max 2.5.0.
Status
vulnerable
Previous vulnerability researches
String locator , Aug 13, 2025
String locator (CVE-2022-0493) , Jun 06, 2024
String locator (CVE-2022-2434) , Jun 06, 2024
String locator (CVE-2023-6987) , Aug 24, 2024
String locator (CVE-2024-10936) , Jan 22, 2025
New vulnerability
GiveWP – Donation Plugin and Fundraising Platform (CVE-2025-7221) , Aug 29, 2025
Add Code To Head (CVE-2025-48314) , Aug 29, 2025
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-58195) , Aug 29, 2025
WP Bulk Delete (CVE-2025-58192) , Aug 29, 2025
Responsive Mobile-Friendly Tooltip (CVE-2025-48316) , Aug 29, 2025