Lucene search
HistorySep 16, 2022 - 9:15 a.m.
CVE-2022-2863
migration backup staging
wordpress plugin
file traversal
vulnerability
high privilege users
web server
CVSS3
4.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS
0.352
Percentile
97.2%
The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack
Affected configurations
Node
wpvividmigration\,_backup\,_stagingRange<0.9.76wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wpvivid | migration\,_backup\,_staging | * | cpe:2.3:a:wpvivid:migration\,_backup\,_staging:*:*:*:*:*:wordpress:*:* |
Related
cve
cve
CVE-2022-2863
2022-09-16 09:15:11
packetstorm
packetstorm
WordPress WPvivid Backup Path Traversal
2022-10-04 00:00:00
nuclei
nuclei
WordPress WPvivid Backup <0.9.76 - Local File Inclusion
2022-10-19 08:26:08
openvas
openvas
prion
prion
Spoofing
2022-09-16 09:15:00
cvelist
cvelist
CVE-2022-2863 WPvivid Backup < 0.9.76 - Admin+ Arbitrary File Read
2022-09-16 00:00:00
zdt
zdt
WordPress WPvivid Backup Path Traversal Vulnerability
2022-10-05 00:00:00
CVSS3
4.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS
0.352
Percentile
97.2%
Related for NVD:CVE-2022-2863