Lucene search
HistoryJul 25, 2022 - 1:15 p.m.
CVE-2022-1551
sp project & document manager
wordpress plugin
user files
unauthorized access
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
32.8%
The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users’ sensitive files.
Affected configurations
Node
smartypantspluginssp_project_\&_document_managerRange<4.58wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| smartypantsplugins | sp_project_\&_document_manager | * | cpe:2.3:a:smartypantsplugins:sp_project_\&_document_manager:*:*:*:*:*:wordpress:*:* |
Related
wpvulndb
wpvulndb
SP Project & Document Manager < 4.58 - Sensitive File Disclosure
2022-06-28 00:00:00
patchstack
patchstack
prion
prion
Path traversal
2022-07-25 13:15:00
wpexploit
wpexploit
SP Project & Document Manager < 4.58 - Sensitive File Disclosure
2022-06-28 00:00:00
cvelist
cvelist
cve
cve
CVE-2022-1551
2022-07-25 13:15:08
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
32.8%
Related for NVD:CVE-2022-1551