01642 06 11 11 Arrange Call

Unprotected Backup Generation and Download Vulnerability in Project Source Code Download WordPress Plugin

CVE-2022-1585 · HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2022-1585

The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.

Learn more about our Wordpress Pen Testing.