Lucene search

K
cvelistPatchstackCVELIST:CVE-2022-45374
HistoryMay 17, 2024 - 6:28 a.m.

CVE-2022-45374 WordPress Yet Another Related Posts Plugin (YARPP) plugin <= 5.30.4 - Local File Inclusion

2024-05-1706:28:46
CWE-22
Patchstack
www.cve.org
1
wordpress
yarpp
local file inclusion
cve-2022-45374
path traversal
vulnerability

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

10.5%

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in YARPP allows PHP Local File Inclusion.This issue affects YARPP: from n/a through 5.30.4.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "yet-another-related-posts-plugin",
    "product": "YARPP",
    "vendor": "YARPP",
    "versions": [
      {
        "changes": [
          {
            "at": "5.30.5",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "5.30.4",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

10.5%

Related for CVELIST:CVE-2022-45374