CVE-2022-1392

CVE-2022-1392: Videos sync PDF <= 1.7.4 - Unauthenticated LFI

Vendor Unknown
Product Videos sync PDF
Weakness CWE-22 · Path traversal
Published April 25, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues

Key dates

02Disclosure timeline

April 25, 2022 CVE published
August 3, 2024 Record updated