Videos sync PDF <= 1.7.4 - Unauthenticated LFI
CVE-2022-1392

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Videos Sync PDF
Vendor: CVE Published:; 25 April 2022

What is CVE-2022-1392?

The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues

Affected Version(s)

Videos sync PDF 1.7.4

References

https://wpscan.com/vulnerability/fe3da8c1-ae21-4b70-b3f5-...

x_refsource_MISC

https://packetstormsecurity.com/files/166534/

x_refsource_MISC

EPSS Score

50% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2022
Vulnerability Reserved
Apr 19, 2022

Credit

Hassan Khan Yusufzai - Splint3r7

CVE-2022-1392 Data

JSON

Wordpress

What is CVE-2022-1392?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline

Credit