6.5
CVE-2022-2638
- EPSS 0.92%
- Veröffentlicht 29.08.2022 18:15:09
- Zuletzt bearbeitet 21.11.2024 07:01:25
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginExport All URLs < 4.4 - Admin+ Arbitrary System File Removal
Export All URLs <= 4.3 - Arbitrary File Deletion
The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary file from the server
Mögliche Gegenmaßnahme
Export All URLs: Update to version 4.4, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Atlasgondal ≫ Export All Urls SwPlatformwordpress Version < 4.4
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Export All URLs
Version
*-4.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.92% | 0.555 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 1.2 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
|
CWE-610 Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
CWE-73 External Control of File Name or Path
The product allows user input to control or influence paths or file names that are used in filesystem operations.
https://wpscan.com/vulnerability/70840a72-ccdc-4eee-9ad2-874809e5de11
https://www.wordfence.com/threat-intel/vulnerabilities/id/2493a2f8-d4e4-4c42-b748-5632b96b085e