CVE-2022-50953
Severity CVSS v4.0:
MEDIUM
Type:
CWE-22
Path Traversal
Publication date:
08/06/2026
Last modified:
08/06/2026
Description
WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing directory traversal sequences and null bytes to bypass file restrictions and read sensitive files like system configuration.
Impact
Base Score 4.0
6.90
Severity 4.0
MEDIUM
Base Score 3.x
6.20
Severity 3.x
MEDIUM



