China National Vulnerability Database (cnvd): CNVD-2022-62167
Jul 19, 2022 - 12:00 a.m.

WordPress plugin Download Monitor arbitrary file download vulnerability

2022-07-19 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
wordpress
download monitor
arbitrary file
vulnerability
php
blogging platform
highly privileged attacker

EPSS: 0.001 (percentile: 32.8%)

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. WordPress plugin is an application plugin. Versions of the WordPress plugin Download Monitor prior to 4.5.91 contain an arbitrary file download vulnerability. It stems from the plugin's failure to ensure that the file to be downloaded is within the blog folder and is not sensitive, so a highly privileged attacker could exploit the vulnerability to download wp-config.php or /etc/passwd.
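
The two missing checks described above (containment in the blog folder, and a sensitivity filter), written out as an added example; this is not Download Monitor's code or its actual fix. The function name `resolve_allowed_download`, the deny list, and the temporary directory layout are assumptions made for the illustration.

```php
<?php
// Added illustration, not the plugin's code. The function name and the
// deny list are hypothetical.

/**
 * Return the canonical path if $requested may be served, otherwise null.
 * $base_dir stands in for the blog folder (ABSPATH in WordPress).
 */
function resolve_allowed_download(string $requested, string $base_dir): ?string
{
    // realpath() resolves "..", "." and symlinks; it returns false if the
    // path does not exist, which is treated as a denial here.
    $base = realpath($base_dir);
    $real = realpath($requested);
    if ($base === false || $real === false || !is_file($real)) {
        return null;
    }

    // Containment: compare against the base with a trailing separator so
    // /var/www/blog-backup does not pass as a child of /var/www/blog.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    // Sensitivity: files inside the blog folder that must never be served.
    $deny_names = ['wp-config.php', '.htaccess', '.htpasswd', '.env']; // assumed list
    $name = strtolower(basename($real));
    if (in_array($name, $deny_names, true)
        || pathinfo($name, PATHINFO_EXTENSION) === 'php') {
        return null;
    }
    return $real;
}

// Constructed layout in a temp directory so the check runs offline.
$blog = sys_get_temp_dir() . '/blog_' . bin2hex(random_bytes(4));
mkdir("$blog/wp-content/uploads", 0700, true);
file_put_contents("$blog/wp-config.php", "<?php // constructed\n");
file_put_contents("$blog/wp-content/uploads/report.pdf", "constructed");

foreach ([
    "$blog/wp-content/uploads/report.pdf",          // inside, not sensitive
    "$blog/wp-config.php",                          // inside, sensitive
    "$blog/wp-content/uploads/../../wp-config.php", // traversal to sensitive file
    "/etc/passwd",                                  // outside the blog folder
] as $path) {
    $verdict = resolve_allowed_download($path, $blog) !== null ? 'allow' : 'deny';
    printf("%-75s %s\n", $path, $verdict);
}
```

Both checks run on the canonical path returned by `realpath()`, not on the string the caller supplied, so a `..` sequence or a symlink cannot slip past the prefix comparison.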