History: Jul 25, 2022 - 1:15 p.m.

CVE-2022-1551

2022-07-25 13:15:08
CWE-425
WPScan
web.nvd.nist.gov
cve-2022-1551
sp project
document manager
wordpress
plugin
security vulnerability
user files
unauthorized access

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001
Percentile: 32.8%

The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files; bad actors could use that to access other users’ sensitive files.

Affected configurations

Node: smartypantsplugins sp_project_\&_document_manager
Range: <4.58
Target: wordpress

Vendor: smartypantsplugins
Product: sp_project_\&_document_manager
Version: *
CPE: cpe:2.3:a:smartypantsplugins:sp_project_\&_document_manager:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "SP Project & Document Manager",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "4.58"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
