Vulnerability Description
The Amministrazione Aperta WordPress plugin before 3.8 does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal error when accessed directly and the affected code is not reached. The issue can be exploited via the dashboard when logged in as an admin, or by making a logged in admin open a malicious link
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amministrazione Aperta Project | Amministrazione Aperta | < 3.8 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/5c5fbbea-92d2-46bb-9a70-75155fffb6deExploitThird Party Advisory
- https://wpscan.com/vulnerability/5c5fbbea-92d2-46bb-9a70-75155fffb6deExploitThird Party Advisory
FAQ
What is CVE-2022-1560?
CVE-2022-1560 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Amministrazione Aperta WordPress plugin before 3.8 does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory ment...
How severe is CVE-2022-1560?
CVE-2022-1560 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-1560?
Check the references section above for vendor advisories and patch information. Affected products include: Amministrazione Aperta Project Amministrazione Aperta.