Lucene search

[email protected]CVE-2022-45852

HistoryApr 24, 2024 - 11:15 a.m.

CVE-2022-45852

2024-04-2411:15:46

CWE-22

[email protected]

web.nvd.nist.gov

cve-2022-45852

organization

individual

security problem

publicized

details

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.6%

JSON

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Path Traversal.This issue affects WP-FormAssembly: from n/a through 2.0.5.

Affected configurations

Vulners

Node

formassembly_\/_drew_buschhornwp-formassemblyRange≤2.0.5

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "formassembly-web-forms",
    "product": "WP-FormAssembly",
    "vendor": "FormAssembly / Drew Buschhorn",
    "versions": [
      {
        "changes": [
          {
            "at": "2.0.6",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.0.5",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/formassembly-web-forms/wordpress-wp-formassembly-plugin-2-0-5-auth-arbitrary-file-read-vulnerability?_s_id=cve

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.6%

JSON

Related for CVE-2022-45852

cvelist1 vulnrichment1 patchstack1 nvd1