Vulnerability Description
The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Smartypantsplugins | Sp Project \& Document Manager | < 4.58 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/51b4752a-7922-444d-a022-f1c7159b5d84ExploitThird Party Advisory
- https://wpscan.com/vulnerability/51b4752a-7922-444d-a022-f1c7159b5d84ExploitThird Party Advisory
FAQ
What is CVE-2022-1551?
CVE-2022-1551 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files.
How severe is CVE-2022-1551?
CVE-2022-1551 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-1551?
Check the references section above for vendor advisories and patch information. Affected products include: Smartypantsplugins Sp Project \& Document Manager.