Insecure Storage of Sensitive Information Vulnerability Affects Defender Security
CVE-2022-44581

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Defender Security
Vendor: CVE Published:; 17 May 2024

What is CVE-2022-44581?

The vulnerability in WPMU DEV's Defender Security plugin enables the insecure storage of sensitive information. Specifically, this flaw allows temporary files to potentially expose sensitive data to unauthorized access. Affected versions of the plugin may lead to security risks, emphasizing the need for website administrators to assess their current installations and implement recommended patches or alternative security measures.

Affected Version(s)

Defender Security <= 3.3.2

References

https://patchstack.com/database/vulnerability/defender-se...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 17, 2024
Vulnerability Reserved
Nov 1, 2022

Credit

Calvin Alkan - Snicco (Patchstack Alliance)

WordPress

What is CVE-2022-44581?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit