7.5
CVE-2022-1585
- EPSS 0.89%
- Veröffentlicht 01.08.2022 13:15:09
- Zuletzt bearbeitet 21.11.2024 06:41:01
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginProject Source Code Download <= 1.0.0 - Unauthenticated Backup Download
Project Source Code Download <= 1.0.0 - Unauthenticated Backup Download
The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.
Mögliche Gegenmaßnahme
WordPress project source code download: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Project-source-code-download Project ≫ Project-source-code-download Version1.0.0 SwPlatformwordpress
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WordPress project source code download
Version
*-1.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.89% | 0.545 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-552 Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.
https://wpscan.com/vulnerability/e709958c-7bce-45d7-9a0a-6e0ed12cd03f
https://www.wordfence.com/threat-intel/vulnerabilities/id/a042b1be-d39f-4d28-8566-d9974becdd40