exploitDog

CVE-2022-31475

Опубликовано: 21 июл. 2022

Источник: nvd

CVSS3: 5.5

CVSS3: 4.9

EPSS Низкий

Описание

Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.

Ссылки

https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-20-2-authenticated-arbitrary-file-read-via-export-function-vulnerability
Release Notes
Third Party Advisory
https://wordpress.org/plugins/give/#developers
Release Notes
Third Party Advisory
https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-20-2-authenticated-arbitrary-file-read-via-export-function-vulnerability
Release Notes
Third Party Advisory
https://wordpress.org/plugins/give/#developers
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*

Версия до 2.21.0 (исключая)

EPSS

Процентиль: 63%

0.00439

Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS3

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-5267-2g9r-5cqx

CVSS3: 4.9

github

больше 3 лет назад

Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.

EPSS

Процентиль: 63%

0.00439

Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS3

Дефекты

CWE-22

CWE-22