PT-2022-13984 · WordPress · Project Source Code Download
Daniel Ruf · Published 2022-08-01 · Updated 2022-08-04 · CVE-2022-1585
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
The Project Source Code Download WordPress plugin version 1.0.0
Description
The plugin does not protect its backup generation and download functionalities, potentially allowing any site visitor to download the entire site, including sensitive files like wp-config.php.
Recommendations
For version 1.0.0, consider disabling the backup generation and download functionalities until a patch is available to prevent unauthorized access to sensitive site files.
Exploit
Fix
Files Accessible to External Parties
Weakness Enumeration
Related Identifiers
Affected Products
Project Source Code Download