CVE-2022-1585

Summary

The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.

Affected Software

VendorProductVersion RangeStatus
UnknownWordPress project source code download1.0.0 <= 1.0.0affected

Weaknesses

  • CWE-552: CWE-552 Files or Directories Accessible to External Parties

ADP Enrichment

CVE Program Container

Additional References

References