CVE-2022-1585

{"id": "CVE-2022-1585", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-08-01T13:15:09.877", "references": [{"url": "https://wpscan.com/vulnerability/e709958c-7bce-45d7-9a0a-6e0ed12cd03f", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-552"}]}, {"type": "Secondary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-552"}]}], "descriptions": [{"lang": "en", "value": "The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php."}, {"lang": "es", "value": "El plugin Project Source Code Download de WordPress versiones hasta 1.0.0, no protege sus funcionalidades de generaci\u00f3n y descarga de copias de seguridad, lo que puede permitir a cualquier visitante del sitio descargar todo el sitio, incluyendo archivos confidenciales como wp-config.php"}], "lastModified": "2022-08-04T18:47:39.843", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:project-source-code-download_project:project-source-code-download:1.0.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "2FC4A198-A023-4515-8642-4BADEA772E3E"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}