Description
The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/e709958c-7bce-45d7-9a0a-6e0ed12cd03f
Scores
CVSS v3
7.5
EPSS
0.0089
EPSS Percentile
54.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-552
Status
published
Products (1)
project-source-code-download_project/project-source-code-download
1.0.0
Published
Aug 01, 2022
Tracked Since
Feb 18, 2026