WordPress · Helpful Wordpress Plugin · CVE-2022-2834
**Name of the Vulnerable Software and Affected Versions**
The Helpful WordPress plugin versions prior to 4.5.26
**Description**
The issue allows attackers to download exported logs and feedbacks due to them being stored in a publicly accessible location with guessable names. This could lead to the retrieval of sensitive information such as IP addresses, names, and email addresses, depending on the plugin's settings.
**Recommendations**
For versions prior to 4.5.26, update to version 4.5.26 or later to resolve the issue. As a temporary workaround, consider restricting access to the exported logs and feedbacks to minimize the risk of exploitation.