The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/e709958c-7bce-45d7-9a0a-6e0ed12cd03f | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
04 Aug 2022, 18:47
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-552 | |
References | (MISC) https://wpscan.com/vulnerability/e709958c-7bce-45d7-9a0a-6e0ed12cd03f - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:project-source-code-download_project:project-source-code-download:1.0.0:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
First Time |
Project-source-code-download Project
Project-source-code-download Project project-source-code-download |
01 Aug 2022, 13:39
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-01 13:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-1585
Mitre link : CVE-2022-1585
CVE.ORG link : CVE-2022-1585
JSON object : View
Products Affected
project-source-code-download_project
- project-source-code-download
CWE
CWE-552
Files or Directories Accessible to External Parties