CVE-2022-50953

Severity CVSS v4.0:
MEDIUM
Type:
CWE-22 Path Traversal
Publication date:
08/06/2026
Last modified:
08/06/2026

Description

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing directory traversal sequences and null bytes to bypass file restrictions and read sensitive files like system configuration.