CVE-2022-0679 Scanner

The Narnoo Distributor WordPress plugin is a tool designed for entrepreneurs and travel agencies seeking to add travel services to their website. By implementing this plugin, website developers can gain access to a range of travel content, such as videos and images, as well as make bookings for tours and transportation.

Despite its inherent usefulness, the Narnoo Distributor WordPress plugin also has a significant security flaw that has been identified as CVE-2022-0679. This vulnerability causes an unvalidated and unsanitized 'lib_path' parameter to be used in a call to require(), resulting in a potential disclosure of arbitrary files. Ultimately, the content of the file can be displayed in response to the JSON data, which poses a significant risk to website security.

This vulnerability can lead to a range of nefarious activities, including arbitrary file disclosure and, potentially, remote code execution (RCE). The potential impact of such attacks can be severe, especially if the underlying system is improperly configured. As a result, it is essential to address this vulnerability as soon as possible.

Thanks to cutting-edge security features, the s4e.io platform enables users to receive timely notifications regarding potential vulnerabilities and any updates or patches needed to combat them. By emphasizing this point, business owners, web developers, and various IT professionals can quickly and conveniently stay on top of their digital assets' safety.

REFERENCES

• https://wpscan.com/vulnerability/0ea79eb1-6561-4c21-a20b-a1870863b0a8