Unprotected Backup Generation and Download Vulnerability in Project Source Code Download WordPress Plugin

Unprotected Backup Generation and Download Vulnerability in Project Source Code Download WordPress Plugin

CVE-2022-1585 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.

Learn more about our Wordpress Pen Testing.