PT-2022-20753 · WordPress · Givewp
Rafie Muhammad · Published 2022-07-21 · Updated 2023-08-08 · CVE-2022-31475
CVSS v3.1: 5.5 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
GiveWP plugin versions <= 2.20.2
Description
The GiveWP plugin for WordPress contains an authenticated arbitrary file read vulnerability in its export function. The vulnerability can be exploited by users with a custom plugin role.
Recommendations
For GiveWP plugin versions <= 2.20.2, update to a version greater than 2.20.2 to resolve the issue. As a temporary workaround, consider restricting access to the export function to minimize the risk of exploitation.
Fix
Improper Access Control
Path traversal
Files Accessible to External Parties
Related Identifiers
Affected Products
Givewp