WordPress Plugin Vulnerabilities

GiveWP < 2.21.0 - Manager+ Arbitrary File Access via Export

Description

The plugin does not validate the file to be exported, which could allow manager to read arbitrary file on the web server

Affects Plugins

Plugin icon
give
Fixed in 2.21.0

References

CVE
CVE-2022-31475

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
4.9 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
da49c4ea-f2bb-439e-97bd-1ecddf881bb2

Timeline

Publicly Published
2022-07-12 (about 1 years ago)
Added
2022-07-25 (about 1 years ago)
Last Updated
2022-08-25 (about 1 years ago)

Other

Published
Title
Published
2023-12-21
Title
Booking Manager < 2.1.6 - Authenticated(Contributor+) SQL Injection via Shortcode
Published
2016-11-17
Title
Post Indexer <= 3.0.6.1 - Authenticated SQL Injection
Published
2024-05-15
Title
Tutor LMS Pro < 2.7.1 - Missing Authorization to Privilege Escalation
Published
2011-10-06
Title
WP Postratings < 1.62 - Authenticated SQL Injection
Published
2015-07-16
Title
Quiz And Survey Master < 4.4.4 - Authenticated Blind SQL Injection