Vulnerability Description
The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wpvivid | Migration\, Backup\, Staging | < 0.9.76 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/168616/WordPress-WPvivid-Backup-Path-TraverExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2022/Oct/0ExploitMailing ListThird Party Advisory
- https://wpscan.com/vulnerability/cb6a3304-2166-47a0-a011-4dcacaa133e5ExploitPatchThird Party Advisory
- http://packetstormsecurity.com/files/168616/WordPress-WPvivid-Backup-Path-TraverExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2022/Oct/0ExploitMailing ListThird Party Advisory
- https://wpscan.com/vulnerability/cb6a3304-2166-47a0-a011-4dcacaa133e5ExploitPatchThird Party Advisory
FAQ
What is CVE-2022-2863?
CVE-2022-2863 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file f...
How severe is CVE-2022-2863?
CVE-2022-2863 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2863?
Check the references section above for vendor advisories and patch information. Affected products include: Wpvivid Migration\, Backup\, Staging.