CVE-2022-50956 MEDIUM

CVE-2022-50956: WordPress Plugin amministrazione-aperta 3.7.3 Local File Read

Vendor Amministrazione-Aperta
Product amministrazione-aperta
Weakness CWE-22 · Path traversal
Published May 10, 2026
Last update May 11, 2026

CVSS base score

6.9/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the open parameter. Attackers can supply file paths through the open GET parameter in dispatcher.php to include and read sensitive files accessible to the web server.

Explanation of Vulnerability in Simple Terms

02Summary

Amministrazione-aperta versions 3.7.3 and earlier contain a path traversal vulnerability that allows local attackers to read files outside the intended directory. The vulnerability requires local system access but no authentication or user interaction. An attacker with local access can traverse the file system to access sensitive configuration files or other restricted data.

What an attacker can do

03Attacker Capabilities

Read arbitrary files on the server outside the application's intended directory.

Potential impact on your site

04Site Impact

Sensitive files (config, database credentials, private keys) may be exposed to anyone with local server access.

Conditions required to exploit

05Prerequisites

Local access to the server; no authentication or user interaction required.

Key dates

06Disclosure timeline

May 10, 2026 CVE published
May 11, 2026 Record updated

Related vulnerabilities

08Related CVE