Lucene search

K
cveWPScanCVE-2022-2834
HistoryOct 17, 2022 - 12:15 p.m.

CVE-2022-2834

2022-10-1712:15:09
CWE-552
WPScan
web.nvd.nist.gov
32
cve-2022-2834
wordpress plugin
sensitive information exposure
logs
feedbacks
nvd

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5

Confidence

High

EPSS

0.001

Percentile

40.2%

The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin’s settings

Affected configurations

Nvd
Vulners
Node
helpful_projecthelpfulRange<4.5.26wordpress
VendorProductVersionCPE
helpful_projecthelpful*cpe:2.3:a:helpful_project:helpful:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Helpful",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "4.5.26"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5

Confidence

High

EPSS

0.001

Percentile

40.2%