Lucene search
HistoryAug 29, 2022 - 6:15 p.m.
CVE-2022-2638
cve-2022-2638
export all urls
wordpress plugin
file deletion
security vulnerability
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
0.001 Low
EPSS
Percentile
34.3%
The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary file from the server
Affected configurations
Node
atlasgondalexport_all_urlsRange<4.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| atlasgondal | export_all_urls | * | cpe:2.3:a:atlasgondal:export_all_urls:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Export All URLs",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.4",
"status": "affected",
"version": "4.4",
"versionType": "custom"
}
]
}
]Social References
More
Related
prion
prion
Path traversal
2022-08-29 18:15:00
patchstack
patchstack
nvd
nvd
CVE-2022-2638
2022-08-29 18:15:09
cvelist
cvelist
CVE-2022-2638 Export All URLs < 4.4 - Admin+ Arbitrary System File Removal
2022-08-29 17:15:37
openvas
openvas
WordPress Export All URLs Plugin < 4.4 Arbitrary File Deletion Vulnerability
2023-09-15 00:00:00
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
0.001 Low
EPSS
Percentile
34.3%
Related for CVE-2022-2638