Lucene search
HistoryJul 25, 2022 - 1:15 p.m.
CVE-2022-1551
cve-2022-1551
sp project
document manager
wordpress
plugin
security vulnerability
user files
unauthorized access
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
32.6%
The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users’ sensitive files.
Affected configurations
Node
smartypantspluginssp_project_\&_document_managerRange<4.58
| Vendor | Product | Version | CPE |
|---|---|---|---|
| smartypantsplugins | sp_project_\&_document_manager | * | cpe:2.3:a:smartypantsplugins:sp_project_\&_document_manager:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "SP Project & Document Manager",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "4.58"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Social References
More
Related
wpvulndb
wpvulndb
SP Project & Document Manager < 4.58 - Sensitive File Disclosure
2022-06-28 00:00:00
cvelist
cvelist
prion
prion
Path traversal
2022-07-25 13:15:00
patchstack
patchstack
wpexploit
wpexploit
SP Project & Document Manager < 4.58 - Sensitive File Disclosure
2022-06-28 00:00:00
nvd
nvd
CVE-2022-1551
2022-07-25 13:15:08
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
32.6%
Related for CVE-2022-1551