CVE-2022-1560
Last modified
CVE-2022-1560 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. The Amministrazione Aperta WordPress plugin before 3.8 does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal error when accessed directly and the affected code is not reached. EPSS estimates a 2.18% chance of exploitation in the next 30 days.
Description
The Amministrazione Aperta WordPress plugin before 3.8 does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal error when accessed directly and the affected code is not reached. The issue can be exploited via the dashboard when logged in as an admin, or by making a logged in admin open a malicious link
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Amministrazione Aperta Project | Amministrazione Aperta | < 3.8 |
References
- https://wpscan.com/vulnerability/5c5fbbea-92d2-46bb-9a70-75155fffb6deExploit, Third Party Advisory
- https://wpscan.com/vulnerability/5c5fbbea-92d2-46bb-9a70-75155fffb6deExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-1560?
How severe is CVE-2022-1560?
How do I fix CVE-2022-1560?
Are you affected by CVE-2022-1560?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST