CVE-2022-50953NVD

Vulnerability Summary

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing directory traversal sequences and null bytes to bypass file restrictions and read sensitive files like system configuration.

Severity Level

MEDIUM(6.2)

Published Date

Jun 8, 2026

Last Modified

Jun 8, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.15%Probability

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityNone

AvailabilityNone

External References

https://www.exploit-db.com/exploits/50845
https://wordpress.org/plugins/admin-word-count-column/
https://www.vulncheck.com/advisories/wordpress-plugin-admin-word-count-column-local-file-read

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2022-50953NVD

Vulnerability Summary

External References