CVE-2022-2392 : The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbit

The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher.

Published 2022-08-22 15:15:15

Updated 2022-08-25 02:53:38

Source WPScan

View at NVD, CVE.org

Products affected by CVE-2022-2392

Lana » Lana Downloads Manager » For Wordpress
Versions before (<) 1.8.0
cpe:2.3:a:lana:lana_downloads_manager:*:*:*:*:*:wordpress:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-2392

EPSS FAQ

0.17%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 38 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-2392

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2022-2392

CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

Assigned by: contact@wpscan.com (Primary)

References for CVE-2022-2392

https://wpscan.com/vulnerability/5001ed18-858e-4c9d-9d7b-a1305fcdf61b

Exploit;Third Party Advisory

Jump to

Vulnerability Details : CVE-2022-2392

Products affected by CVE-2022-2392

Exploit prediction scoring system (EPSS) score for CVE-2022-2392

CVSS scores for CVE-2022-2392

CWE ids for CVE-2022-2392

References for CVE-2022-2392