Limited Black Friday Offer:

True Ranker < 2.2.4 - Unauthenticated Arbitrary File Access via Path Traversal Vulnerability CVE-2021-39312 Scanner

There is an arbitrary file access vulnerability in True Ranker < 2.2.4, which allow remote attackers to read arbitrary files.

Short Info

Level

High

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

True Ranker < 2.2.4 - Unauthenticated Arbitrary File Access via Path Traversal Vulnerability CVE-2021-39312 Scanner Detail

The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file.

http://packetstormsecurity.com/files/165434/WordPress-The-True-Ranker-2.2.2-Arbitrary-File-Read.html
https://plugins.trac.wordpress.org/browser/seo-local-rank/tags/2.2.2/admin/vendor/datatables/examples/resources/examples.php
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39312