exploitDog

CVE-2022-1585

Опубликовано: 01 авг. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.

Ссылки

https://wpscan.com/vulnerability/e709958c-7bce-45d7-9a0a-6e0ed12cd03f
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/e709958c-7bce-45d7-9a0a-6e0ed12cd03f
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:project-source-code-download_project:project-source-code-download:1.0.0:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 68%

0.00583

Низкий

7.5 High

CVSS3

Дефекты

CWE-552

CWE-552

Связанные уязвимости

GHSA-5vm6-mm87-jjv8

CVSS3: 7.5

github

больше 3 лет назад

The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.

EPSS

Процентиль: 68%

0.00583

Низкий

7.5 High

CVSS3

Дефекты

CWE-552

CWE-552