Vulnerability Description
The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local file, including sensitive ones such as wp-config.php.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wsm Downloader Project | Wsm Downloader | <= 1.4.0 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/42499b84-684e-42e1-b7f0-de206d4da553 (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-2357?
CVE-2022-2357 is a vulnerability with a CVSS score of 7.5 (HIGH). The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local file, including sensitive ones such as wp-config.php.
How severe is CVE-2022-2357?
CVE-2022-2357 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-2357?
Check the references section above for vendor advisories and patch information. Affected products include Wsm Downloader (Wsm Downloader Project), versions <= 1.4.0.