CVE-2022-1585

CVE-2022-1585: Project Source Code Download <= 1.0.0 - Unauthenticated Backup Download

Vendor Unknown
Product WordPress project source code download
Weakness CWE-552 · Files accessible externally
Published August 1, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.

Key dates

02Disclosure timeline

August 1, 2022 CVE published
August 3, 2024 Record updated