9.1

CVE-2022-28700

WordPress GiveWP plugin <= 2.20.2 - Authenticated Arbitrary File Creation via Export function vulnerability

GiveWP <= 2.20.2 - Authenticated Arbitrary File Creation

Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.
Mögliche Gegenmaßnahme
GiveWP – Donation Plugin and Fundraising Platform: Update to version 2.21.0, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GivewpGivewp SwPlatformwordpress Version < 2.21.0
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt GiveWP – Donation Plugin and Fundraising Platform
Version *-2.20.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.42% 0.694
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
audit@patchstack.com 9.1 2.3 6
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://wordpress.org/plugins/give/#developers
Third Party Advisory
Release Notes
https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-20-2-authenticated-arbitrary-file-creation-via-export-function-vulnerability
Patch
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/53ddfd2d-7af1-4561-ab76-5cb3238e8f8b
Third Party Advisory