7.5

CVE-2022-1585

Exploit

EPSS 0.48%
Veröffentlicht 01.08.2022 13:15:09
Zuletzt bearbeitet 21.11.2024 06:41:01
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Project Source Code Download <= 1.0.0 - Unauthenticated Backup Download

The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.

Mögliche Gegenmaßnahme

WordPress project source code download: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt WordPress project source code download

Version *-1.0.0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Project-source-code-download Project ≫ Project-source-code-download Version1.0.0 SwPlatformwordpress

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.48%	0.646

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

https://wpscan.com/vulnerability/e709958c-7bce-45d7-9a0a-6e0ed12cd03f

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/a042b1be-d39f-4d28-8566-d9974becdd40

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-1585

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1585

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1585

EUVD