WordPress Simple Ajax Chat <20220116 - Sensitive Information Disclosure vulnerability
ID: CVE-2022-27849
Severity: high
Author: random-robbie
Tags: cve,cve2022,wp,wordpress,wp-plugin,disclosure,plugin-planet
Description
Section titled “Description”WordPress Simple Ajax Chat before 20220216 is vulnerable to sensitive information disclosure. The plugin does not properly restrict access to the exported data via the sac-export.csv file, which could allow unauthenticated users to access it.
YAML Source
Section titled “YAML Source”id: CVE-2022-27849
info: name: WordPress Simple Ajax Chat <20220116 - Sensitive Information Disclosure vulnerability author: random-robbie severity: high description: | WordPress Simple Ajax Chat before 20220216 is vulnerable to sensitive information disclosure. The plugin does not properly restrict access to the exported data via the sac-export.csv file, which could allow unauthenticated users to access it. impact: | An attacker can exploit this vulnerability to gain access to sensitive information, such as user credentials or private messages. remediation: | Update to the latest version of the WordPress Simple Ajax Chat plugin to fix the vulnerability. reference: - https://wordpress.org/plugins/simple-ajax-chat/#developers - https://patchstack.com/database/vulnerability/simple-ajax-chat/wordpress-simple-ajax-chat-plugin-20220115-sensitive-information-disclosure-vulnerability - https://nvd.nist.gov/vuln/detail/CVE-2022-27849 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-27849 cwe-id: CWE-200 epss-score: 0.00713 epss-percentile: 0.80067 cpe: cpe:2.3:a:plugin-planet:simple_ajax_chat:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 vendor: plugin-planet product: simple_ajax_chat framework: wordpress google-query: inurl:/wp-content/plugins/simple-ajax-chat/ tags: cve,cve2022,wp,wordpress,wp-plugin,disclosure,plugin-planet
http: - method: GET path: - '{{BaseURL}}/wp-content/plugins/simple-ajax-chat/sac-export.csv'
matchers-condition: and matchers: - type: word part: body words: - '"Chat Log"' - '"User IP"' - '"User ID"' condition: and
- type: word part: header words: - text/csv
- type: status status: - 200# digest: 4b0a00483046022100eef8f77092164d68c0eebc954c49adba1f04c4265126d0dd74e692acbd229482022100fd3a211fd6a75fa36ed4e296665fd9c45db3be3e9f11907c641d0c15db016125:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-27849.yaml"