CVE-2022-45368
📋 TL;DR
This path traversal vulnerability in the Lenderd 1003 Mortgage Application WordPress plugin allows attackers to access files outside the intended directory. It affects all WordPress sites running vulnerable versions of this plugin, potentially exposing sensitive server files.
💻 Affected Systems
- Lenderd 1003 Mortgage Application WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise through reading sensitive files like /etc/passwd, wp-config.php, or executing arbitrary code via local file inclusion.
Likely Case
Unauthorized access to sensitive configuration files, database credentials, or other restricted files on the server.
If Mitigated
Limited impact if proper file permissions and web server restrictions prevent access to critical system files.
🎯 Exploit Status
Path traversal vulnerabilities are typically easy to exploit with publicly available tools and techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 1.76 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/1003-mortgage-application/wordpress-1003-mortgage-application-plugin-1-73-local-file-inclusion
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins. 3. Find '1003 Mortgage Application'. 4. Click 'Update Now' if available. 5. If no update available, deactivate and remove the plugin immediately.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate the 1003 Mortgage Application plugin until patched
wp plugin deactivate 1003-mortgage-application
Restrict file access via web server
allConfigure web server to block directory traversal attempts
# Apache: Add to .htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} \.\. [NC]
RewriteRule .* - [F]
</IfModule>
# Nginx: Add to server block
location ~* \.\. {
deny all;
return 403;
}
🧯 If You Can't Patch
- Immediately deactivate and remove the vulnerable plugin from all WordPress installations
- Implement web application firewall (WAF) rules to block path traversal patterns
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins for '1003 Mortgage Application' plugin version. If version is 1.75 or lower, you are vulnerable.Check Version:
wp plugin get 1003-mortgage-application --field=versionVerify Fix Applied:
After updating, verify plugin version shows 1.76 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing '../' or '..\' patterns
- Access attempts to sensitive files like wp-config.php, /etc/passwd
Network Indicators:
- Unusual file access patterns to plugin directories
- Requests with encoded traversal sequences (%2e%2e%2f)
SIEM Query:
source="web_logs" AND (uri="*../*" OR uri="*..\\*" OR uri="*wp-config*" OR uri="*/etc/passwd*")🔗 References
- https://patchstack.com/database/vulnerability/1003-mortgage-application/wordpress-1003-mortgage-application-plugin-1-73-local-file-inclusion?_s_id=cve
- https://patchstack.com/database/vulnerability/1003-mortgage-application/wordpress-1003-mortgage-application-plugin-1-73-local-file-inclusion?_s_id=cve
