Sensitive Information Exposure in Helpful WordPress Plugin (<=4.5.26)

Sensitive Information Exposure in Helpful WordPress Plugin (<=4.5.26)

CVE-2022-2834 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin's settings

Learn more about our Wordpress Pen Testing.