MEDIUM
brooks24
CVE published 2026-06-08
CVE-2022-50953
CVE-2022-50953 is a local file read vulnerability in the WordPress Plugin admin-word-count-column 2.2. The vulnerability allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing directory traversal sequences and null bytes to bypass file restrictions and rea [truncated]