CVE-2022-50956 MEDIUM

CVE-2022-50956: WordPress Plugin amministrazione-aperta 3.7.3 Local File Read

Vendor Amministrazione-Aperta

Product amministrazione-aperta

Weakness CWE-22 · Path traversal

Published May 10, 2026

Last update May 11, 2026

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

Description

WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the open parameter. Attackers can supply file paths through the open GET parameter in dispatcher.php to include and read sensitive files accessible to the web server.

Key dates

Disclosure timeline

May 10, 2026 CVE published

May 11, 2026 Record updated