CVE-2022-2834

The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin's settings

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://wpscan.com/vulnerability/468d5fc7-04c6-4354-b134-85ebb25b37ae	Exploit Third Party Advisory
https://wpscan.com/vulnerability/468d5fc7-04c6-4354-b134-85ebb25b37ae	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:helpful_project:helpful:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2022-10-17 12:15

Updated : 2025-05-13 20:15

NVD link : CVE-2022-2834

Mitre link : CVE-2022-2834

CVE.ORG link : CVE-2022-2834

JSON object : View

Products Affected

helpful_project

helpful

CWE

CWE-552

Files or Directories Accessible to External Parties

{"id": "CVE-2022-2834", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-10-17T12:15:09.960", "references": [{"url": "https://wpscan.com/vulnerability/468d5fc7-04c6-4354-b134-85ebb25b37ae", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/468d5fc7-04c6-4354-b134-85ebb25b37ae", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-552"}]}], "descriptions": [{"lang": "en", "value": "The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin's settings"}, {"lang": "es", "value": "El plugin Helpful de WordPress versiones anteriores a 4.5.26 pone los registros y feedbacks exportados en una ubicaci\u00f3n de acceso p\u00fablico y nombres adivinables, lo que podr\u00eda permitir a atacantes descargarlos y recuperar informaci\u00f3n confidencial como la IP, los nombres y la direcci\u00f3n de correo electr\u00f3nico en funci\u00f3n de la configuraci\u00f3n del plugin"}], "lastModified": "2025-05-13T20:15:22.520", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:helpful_project:helpful:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "0CB44B14-E11A-4650-9376-BD8F14A43848", "versionEndExcluding": "4.5.26"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}