CVE-2022-0236 - OpenCVE

The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpie_process_file_download found in the ~/includes/classes/class-wpie-general.php file. This made it possible for unauthenticated attackers to download any imported or exported information from a vulnerable site which can contain sensitive information like user data. This affects versions up to, and including, 3.9.15.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Vjinfotech	Wp Import Export Lite Wp Import Export

Configuration 1 [-]

OR	cpe:2.3:a:vjinfotech:wp_import_export::::::wordpress::*
	cpe:2.3:a:vjinfotech:wp_import_export_lite::::::wordpress::*

References

Link	Resource
https://github.com/qurbat/CVE-2022-0236	Exploit Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2649762/wp-import-export-lite/trunk/includes/classes/class-wpie-general.php	Patch Third Party Advisory
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0236	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Wordfence

Published: 2022-01-18T16:52:22

Updated: 2022-01-18T16:52:22

Reserved: 2022-01-14T00:00:00

Link: CVE-2022-0236

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-01-18T17:15:10.600

Modified: 2022-01-24T17:29:42.847

Link: CVE-2022-0236

JSON object: View

Redhat Information

No data.

CWE

CWE-862

{"containers": {"cna": {"affected": [{"product": "WP Import Export", "vendor": "vjinfotech", "versions": [{"lessThanOrEqual": "3.9.15", "status": "affected", "version": "3.9.15", "versionType": "custom"}]}, {"product": "WP Import Export Lite", "vendor": "vjinfotech", "versions": [{"lessThanOrEqual": "3.9.15", "status": "affected", "version": "3.9.15", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Karan Saini (Kloudle Inc.)"}], "descriptions": [{"lang": "en", "value": "The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpie_process_file_download found in the ~/includes/classes/class-wpie-general.php file. This made it possible for unauthenticated attackers to download any imported or exported information from a vulnerable site which can contain sensitive information like user data. This affects versions up to, and including, 3.9.15."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-18T16:52:22", "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0236"}, {"tags": ["x_refsource_MISC"], "url": "https://plugins.trac.wordpress.org/changeset/2649762/wp-import-export-lite/trunk/includes/classes/class-wpie-general.php"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/qurbat/CVE-2022-0236"}], "solutions": [{"lang": "en", "value": "Update to version 3.9.16, or newer. "}], "source": {"discovery": "EXTERNAL"}, "title": "WP Import Export (Lite) <= 3.9.15 Unauthenticated Sensitive Data Disclosure", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "Wordfence", "ASSIGNER": "security@wordfence.com", "ID": "CVE-2022-0236", "STATE": "PUBLIC", "TITLE": "WP Import Export (Lite) <= 3.9.15 Unauthenticated Sensitive Data Disclosure"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WP Import Export", "version": {"version_data": [{"version_affected": "<=", "version_name": "3.9.15", "version_value": "3.9.15"}]}}, {"product_name": "WP Import Export Lite", "version": {"version_data": [{"version_affected": "<=", "version_name": "3.9.15", "version_value": "3.9.15"}]}}]}, "vendor_name": "vjinfotech"}]}}, "credit": [{"lang": "eng", "value": "Karan Saini (Kloudle Inc.)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpie_process_file_download found in the ~/includes/classes/class-wpie-general.php file. This made it possible for unauthenticated attackers to download any imported or exported information from a vulnerable site which can contain sensitive information like user data. This affects versions up to, and including, 3.9.15."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0236", "refsource": "MISC", "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0236"}, {"name": "https://plugins.trac.wordpress.org/changeset/2649762/wp-import-export-lite/trunk/includes/classes/class-wpie-general.php", "refsource": "MISC", "url": "https://plugins.trac.wordpress.org/changeset/2649762/wp-import-export-lite/trunk/includes/classes/class-wpie-general.php"}, {"name": "https://github.com/qurbat/CVE-2022-0236", "refsource": "MISC", "url": "https://github.com/qurbat/CVE-2022-0236"}]}, "solution": [{"lang": "en", "value": "Update to version 3.9.16, or newer. "}], "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2022-0236", "datePublished": "2022-01-18T16:52:22", "dateReserved": "2022-01-14T00:00:00", "dateUpdated": "2022-01-18T16:52:22", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vjinfotech:wp_import_export:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "F3F82CF1-B7B1-44C6-9DE7-86678A789453", "versionEndIncluding": "3.9.15", "vulnerable": true}, {"criteria": "cpe:2.3:a:vjinfotech:wp_import_export_lite:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A594FE37-A2C4-4B38-939C-1C8469D94241", "versionEndIncluding": "3.9.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpie_process_file_download found in the ~/includes/classes/class-wpie-general.php file. This made it possible for unauthenticated attackers to download any imported or exported information from a vulnerable site which can contain sensitive information like user data. This affects versions up to, and including, 3.9.15."}, {"lang": "es", "value": "El plugin WP Import Export de WordPress (tanto en su versi\u00f3n gratuita como en la premium) es vulnerable a una divulgaci\u00f3n de datos confidenciales sin autenticaci\u00f3n debido a la falta de comprobaci\u00f3n de capacidad en la funci\u00f3n de descarga wpie_process_file_download que es encontrada en el archivo ~/includes/classes/class-wpie-general.php. Esto hac\u00eda posible que atacantes no autenticados pudieran descargar cualquier informaci\u00f3n importada o exportada de un sitio vulnerable que pudiera contener informaci\u00f3n confidencial como datos de usuarios. Esto afecta a las versiones hasta la 3.9.15 incluy\u00e9ndola"}], "id": "CVE-2022-0236", "lastModified": "2022-01-24T17:29:42.847", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2022-01-18T17:15:10.600", "references": [{"source": "security@wordfence.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/qurbat/CVE-2022-0236"}, {"source": "security@wordfence.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset/2649762/wp-import-export-lite/trunk/includes/classes/class-wpie-general.php"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0236"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}