PT-2022-18965 · WordPress · Helpful Wordpress Plugin

Aleksi Kistauri · Published 2022-10-17 · Updated 2025-05-13 · CVE-2022-2834

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

The Helpful WordPress plugin, versions prior to 4.5.26

Description

Attackers can download exported logs and feedback because the export files are stored in a publicly accessible location with guessable names. This could lead to the retrieval of sensitive information such as IP addresses, names, and email addresses, depending on the plugin's settings.

Recommendations

For versions prior to 4.5.26, update to version 4.5.26 or later to resolve the issue. As a temporary workaround, consider restricting access to the exported logs and feedback to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Files Accessible to External Parties

Related Identifiers

CVE-2022-2834

Affected Products

Helpful Wordpress Plugin