CVE-2021-39312

True Ranker <= 2.2.2 Directory Traversal/Arbitrary File Read

Basic Information

CVE State: PUBLISHED
Reserved Date: August 20, 2021
Published Date: December 14, 2021
Last Updated: January 31, 2025
Vendor: True Ranker
Product: True Ranker
Description: The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file.
Tags

CVSS Scores

CVSS v3.1

7.5 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC Information

Exploitation: none
Automatable: Yes
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2026-01-04 00:00:00 UTC) Source

References

https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39312 https://plugins.trac.wordpress.org/browser/seo-local-rank/tags/2.2.2/admin/vendor/datatables/examples/resources/examples.php http://packetstormsecurity.com/files/165434/WordPress-The-True-Ranker-2.2.2-Arbitrary-File-Read.html

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2026-01-04 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-39312.yaml	2025-04-25 00:00:00 UTC

Timeline

CVE ID Reserved

August 20, 2021
CVE Published to Public

December 14, 2021
Detected by Nuclei

April 25, 2025
Added to KEVIntel

January 04, 2026