WordPress GiveWP plugin <= 2.20.2 - Authenticated Arbitrary File Read via Export function vulnerability
CVE-2022-31475
4.9MEDIUM
Summary
Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.
Affected Version(s)
GiveWP (WordPress plugin) <= 2.20.2 <= 2.20.2
References
CVSS V3.1
Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Vulnerability discovered by Rafie Muhammad aka Yeraisci (Patchstack Alliance)