Local File Read Vulnerability in Amministrazione-Aperta Plugin for WordPress
CVE-2022-50956

6.9MEDIUM

Key Information:

Vendor

WordPress
Status
Amministrazione-aperta
Vendor
CVE Published:
10 May 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2022-50956?

The Amministrazione-Aperta plugin for WordPress version 3.7.3 has a local file read vulnerability that enables unauthenticated attackers to exploit insufficient input validation in the 'open' parameter of dispatcher.php. By manipulating file paths through the 'open' GET parameter, attackers can read arbitrary files on the server, potentially exposing sensitive information. It's essential for users of this plugin to take immediate action to mitigate this risk.

Affected Version(s)

amministrazione-aperta 3.7.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2022-50956 - Proof of Concept

References

https://www.exploit-db.com/exploits/50838
exploit
https://wordpress.org/plugins/amministrazione-aperta/
product
https://www.vulncheck.com/advisories/wordpress-plugin-amm...
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hassan Khan Yusufzai - Splint3r7
.