CVE-2021-39312 — AI Deep Analysis Summary

🚨 **Essence**: Path Traversal in WordPress Plugin 'True Ranker'. 💥 **Consequences**: Attackers can read **arbitrary files** on the server. Critical data like `wp-config.php` is exposed. Total compromise of site secrets.

🛡️ **Root Cause**: **CWE-22** (Path Traversal). 🔍 **Flaw**: The `src` parameter in `examples.php` is not sanitized. It allows `../` sequences to escape the intended directory and access root/system files.

📦 **Affected**: **True Ranker** WordPress Plugin. 📉 **Versions**: Before **v2.2.4**. Specifically tested on v2.2.2. Any version lacking the fix is vulnerable.

🕵️ **Hacker Actions**: Read **sensitive configuration files**. 🔑 **Data Access**: `wp-config.php` (DB credentials), `.htaccess`, system logs. No execution, but **High Confidentiality** impact.

🔓 **Threshold**: **LOW**. ⚙️ **Config**: No authentication required (`PR:N`). Network accessible (`AV:N`). Easy to exploit via simple HTTP requests.

🧨 **Public Exp?**: **YES**. 📜 **PoC**: Available via **Nuclei Templates** (ProjectDiscovery). Public exploits exist on PacketStorm. Wild exploitation is feasible.

🔎 **Self-Check**: Scan for the specific file path: `/wp-content/plugins/true-ranker/admin/vendor/datatables/examples/resources/examples.php` 🔍 Look for `src` parameter manipulation in requests.

🩹 **Fix**: **YES**. ✅ **Patch**: Upgrade True Ranker to **version 2.2.4** or later. The vendor has released a fixed version.

🚧 **No Patch?**: Disable the plugin immediately. 🛑 **Mitigation**: Block access to `/admin/vendor/datatables/` via WAF or `.htaccess` if update is impossible.

⚡ **Urgency**: **HIGH**. 📢 **Priority**: Patch immediately. CVSS Score is **High** (Confidentiality impact). No auth needed makes it an easy target for automated bots.