Helpful < 4.5.26 – Information Disclosure | CVE 2022-2834 | Plugin Vulnerabilities

Description

The plugin puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin's settings

Proof of Concept

After an admin export logs (via wp-admin/admin.php?page=helpful&tab=log) or feedbacks (wp-admin/admin.php?page=helpful_feedback), the CSV files can be downloaded by simply accessing the following URLs:

https://example.com/wp-content/uploads/helpful/logs.csv
https://example.com/wp-content/uploads/helpful/feedback.csv

Affects Plugins

Fixed in 4.5.26

References

CVE

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Aleksi Kistauri

Submitter

Aleksi Kistauri

Submitter website

https://ls4cfk.github.io/

Submitter twitter

Verified

Yes

WPVDB ID

468d5fc7-04c6-4354-b134-85ebb25b37ae

Timeline

Publicly Published

2022-09-26 (about 1 years ago)

Added

2022-09-26 (about 1 years ago)

Last Updated

2022-10-03 (about 1 years ago)

Other

Published

Title

Published

2024-04-22

Title

VikRentCar Car Rental Management System < 1.3.3 - Information Exposure

Published

2022-06-17

Title

GiveWP < 2.21.0 - Donor Information Disclosure

Published

2024-02-02

Title

LearnDash LMS < 4.10.2 - Sensitive Information Exposure via API

Published

2020-09-21

Title

JobMonster < 4.6.6.1 - Directory Listing in Upload Folder

Published

2022-03-30

Title

Be POPIA Compliant < 1.1.6 - Unauthenticated Sensitive Information Exposure