CVE-2022-0236
WP Import Export (Lite) <= 3.9.15 Unauthenticated Sensitive Data Disclosure
Public Exploits: 2
Exploited in Wild: -
Descriptions
The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpie_process_file_download found in the ~/includes/classes/class-wpie-general.php file. This made it possible for unauthenticated attackers to download any imported or exported information from a vulnerable site which can contain sensitive information like user data. This affects versions up to, and including, 3.9.15.
SSVC
- Decision:-
Timeline
- 2022-01-14 CVE Reserved
- 2022-01-14 CVE Published
- 2022-01-17 First Exploit
- 2024-08-02 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-862: Missing Authorization
References (4)
URL | Tag | Source |
---|---|---|
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0236 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://github.com/qurbat/CVE-2022-0236 | 2024-08-02 | |
https://github.com/xiska62314/CVE-2022-0236 | 2022-01-17 | |

URL | Date | SRC |
---|---|---|
https://plugins.trac.wordpress.org/changeset/2649762/wp-import-export-lite/trunk/includes/classes/class-wpie-general.php | 2022-01-24 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Vjinfotech | Wp Import Export | <= 3.9.15 | wordpress | Affected |
Vjinfotech | Wp Import Export Lite | <= 3.9.15 | wordpress | Affected |