Lucene search
WPScanCVE-2022-2863HistorySep 16, 2022 - 9:15 a.m.
CVE-2022-2863
2022-09-1609:15:11
CWE-22
WPScan
web.nvd.nist.gov
41
8
cve-2022-2863
wordpress
plugin
security vulnerability
file traversal
nvd
CVSS3
4.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS
0.519
Percentile
97.6%
The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack
Affected configurations
Node
wpvividmigration\,_backup\,_stagingRange<0.9.76wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wpvivid | migration\,_backup\,_staging | * | cpe:2.3:a:wpvivid:migration\,_backup\,_staging:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Migration, Backup, Staging – WPvivid",
"versions": [
{
"version": "0.9.76",
"status": "affected",
"lessThan": "0.9.76",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
packetstorm
packetstorm
WordPress WPvivid Backup Path Traversal
2022-10-04 00:00:00
nvd
nvd
CVE-2022-2863
2022-09-16 09:15:11
zdt
zdt
WordPress WPvivid Backup Path Traversal Vulnerability
2022-10-05 00:00:00
cvelist
cvelist
CVE-2022-2863 WPvivid Backup < 0.9.76 - Admin+ Arbitrary File Read
2022-09-16 00:00:00
prion
prion
Spoofing
2022-09-16 09:15:00
nuclei
nuclei
WordPress WPvivid Backup <0.9.76 - Local File Inclusion
2022-10-19 08:26:08
openvas
openvas
CVSS3
4.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS
0.519
Percentile
97.6%
Related for CVE-2022-2863