WordPress Plugin Vulnerabilities

MultiSafepay < 4.16.0 - Unauthenticated Arbitrary File Access

Description

The plugin does not validate a parameter which could allow unauthenticated users to read arbitrary files on the web server

Affects Plugins

Plugin icon
multisafepay
Fixed in 4.16.0

References

CVE
CVE-2022-33901

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Roldan Brandon
Verified
No
WPVDB ID
ab740168-f86b-4917-9f12-de3a20cadd4d

Timeline

Publicly Published
2022-07-18 (about 1 years ago)
Added
2022-07-25 (about 1 years ago)
Last Updated
2022-08-25 (about 1 years ago)

Other

Published
Title
Published
2024-04-25
Title
Secure Copy Content Protection and Content Locking < 3.9.1 - Missing Authorization
Published
2024-04-22
Title
Quick Featured Images < 13.7.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Thumbnail Deletion/Setting
Published
2023-12-26
Title
Essential Blocks for Gutenberg < 4.2.1 - Contributor+ Unauthorised Actions
Published
2022-11-04
Title
Jeg Elementor Kit < 2.5.7 - Unauthenticated Settings Update
Published
2024-04-22
Title
Integrate Google Drive < 1.3.91 - Missing Authorization