WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Helpful < 4.5.26 - Information Disclosure

Description

The plugin puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin's settings

Proof of Concept

After an admin export logs (via wp-admin/admin.php?page=helpful&tab=log) or feedbacks (wp-admin/admin.php?page=helpful_feedback), the CSV files can be downloaded by simply accessing the following URLs:

https://example.com/wp-content/uploads/helpful/logs.csv
https://example.com/wp-content/uploads/helpful/feedback.csv

Affects Plugins

helpful
Fixed in version 4.5.26 - plugin closed

References

CVE
CVE-2022-2834

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200

Miscellaneous

Original Researcher

Aleksi Kistauri

Submitter

Aleksi Kistauri

Submitter website
https://ls4cfk.github.io/
Submitter twitter
ls4cfk
Verified

Yes

WPVDB ID
468d5fc7-04c6-4354-b134-85ebb25b37ae

Timeline

Publicly Published

2022-09-26 (about 8 months ago)

Added

2022-09-26 (about 8 months ago)

Last Updated

2022-10-03 (about 7 months ago)

Our Other Services

WPScan WordPress Security Plugin