CVE-2022-50956

MEDIUM

WordPress Plugin amministrazione-aperta 3.7.3 Local File Read

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-50956. PoCs published by Hassan Khan Yusufzai.

AI-analyzed exploit summary: This exploit demonstrates an unauthenticated local file read vulnerability in the WordPress plugin 'amministrazione-aperta' version 3.7.3. The vulnerability arises from unsanitized user input in the 'open' parameter of 'dispatcher.php', allowing arbitrary file inclusion.

Description

WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the open parameter. Attackers can supply file paths through the open GET parameter in dispatcher.php to include and read sensitive files accessible to the web server.

Exploits (1)

exploitdb WORKING POC
by Hassan Khan Yusufzai · text · webapps · php
https://www.exploit-db.com/exploits/50838

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin amministrazione-aperta 3.7.3
No auth needed
Prerequisites: WordPress installation with the vulnerable plugin active
devstral-2 · analyzed May 10, 2026

References (3)

Core References (3)
Exploit: ExploitDB-50838
https://www.exploit-db.com/exploits/50838
Product: Official Product Homepage
https://wordpress.org/plugins/amministrazione-aperta/
Third Party Advisory: VulnCheck Advisory: WordPress Plugin amministrazione-aperta 3.7.3 Local File Read
https://www.vulncheck.com/advisories/wordpress-plugin-amministrazione-aperta-local-file-read

Scores

CVSS v3: 6.2
EPSS: 0.0015
EPSS Percentile: 4.7%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-22
Status: published
Products (1): amministrazione-aperta/amministrazione-aperta 3.7.3
Published: May 10, 2026
Tracked Since: May 10, 2026