CVE-2022-4057
Published 2023-01-02
CVE-2022-4057: The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs.
Priority: P3 (34) | Severity: medium | CVSS 3.1: 5.3
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 1.46% (70.3th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| optimizingmatters | autooptimize | < 3.1.0 | 3.1.0 |
No detection rules found.
Nuclei
Autoptimize < 3.1.0 - Information Disclosure
nuclei·CVSS 5.3
CVE-2022-4057 [MEDIUM] Autoptimize < 3.1.0 - Information Disclosure
Template:
```yaml
id: CVE-2022-4057

info:
  name: Autoptimize < 3.1.0 - Information Disclosure
  author: DhiyaneshDK
  severity: medium
  description: |
    The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs.
  impact: |
    An attacker can gain access to sensitive information, potentially leading to further attacks.
  remediation: |
    Upgrade to Autoptimize version 3.1.0 or later to fix the information disclosure vulnerability.
  reference:
    - https://wpscan.com/vulnerability/95ee1b9c-1971-4c35-8527-5764e9ed64af
    - https://wordpress.org/plugins/autoptimize/
    - https://nvd.nist.gov/vuln/
```
No writeups or analysis indexed.
Published: 2023-01-02