Lucene search

WPScanCVE-2022-2357

HistoryAug 08, 2022 - 2:15 p.m.

CVE-2022-2357

2022-08-0814:15:08

CWE-552

WPScan

web.nvd.nist.gov

cve-2022-2357

wsm downloader

wordpress

plugin

file download

vulnerability

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

71.5%

JSON

The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php.

Affected configurations

Nvd

Vulners

Node

wsm_downloader_projectwsm_downloaderRange≤1.4.0wordpress

VendorProductVersionCPE
wsm_downloader_projectwsm_downloader*cpe:2.3:a:wsm_downloader_project:wsm_downloader:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wsm_downloader_project	wsm_downloader	*	cpe:2.3:a:wsm_downloader_project:wsm_downloader::::::wordpress::*

CNA Affected

[
  {
    "product": "WSM Downloader",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "1.4.0",
        "status": "affected",
        "version": "1.4.0",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/42499b84-684e-42e1-b7f0-de206d4da553

Social References

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

71.5%

JSON

Related for CVE-2022-2357