CVE-2022-1585

Published Aug 1, 2022

Last updated 6 months ago

Overview

Description: The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.
Source: contact@wpscan.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

contact@wpscan.com: CWE-552
nvd@nist.gov: CWE-552

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:project-source-code-download_project:project-source-code-download:1.0.0:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FC4A198-A023-4515-8642-4BADEA772E3E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.