WordPress Plugin Vulnerabilities

SP Project & Document Manager < 4.58 - Sensitive File Disclosure

Description

The plugin uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files.

Proof of Concept

1. Upload a file using the plugin.
2. On another browser, access the newly uploaded file via:

https://vulnerable-site.tld/wp-content/uploads/sp-client-document-manager/[user's uid]/file.format

Affects Plugins

sp-client-document-manager

Fixed in version 4.58

References

CVE

CVE-2022-1551

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CWE-200

Miscellaneous

Original Researcher

Viktor Markopoulos

Submitter

Viktor Markopoulos

Submitter website

https://www.bitcrack.net/

Submitter twitter

bitcrack_cyber

Verified

Yes

WPVDB ID

51b4752a-7922-444d-a022-f1c7159b5d84

Timeline

Publicly Published

2022-06-28 (about 5 months ago)

Added

2022-06-28 (about 5 months ago)

Last Updated

2022-07-25 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin