Vulnerability Description
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lana | Lana Downloads Manager | < 1.8.0 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/5001ed18-858e-4c9d-9d7b-a1305fcdf61bExploitThird Party Advisory
- https://wpscan.com/vulnerability/5001ed18-858e-4c9d-9d7b-a1305fcdf61bExploitThird Party Advisory
FAQ
What is CVE-2022-2392?
CVE-2022-2392 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher.
How severe is CVE-2022-2392?
CVE-2022-2392 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2392?
Check the references section above for vendor advisories and patch information. Affected products include: Lana Lana Downloads Manager.