How severe is CVE-2022-2633?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2022-2633?

This is classified as CWE-610, which is a common weakness in software security.

CVE-2022-2633 - HIGH Severity | CVSS 8.2

Vulnerability Description

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. This makes it possible for unauthenticated users to download sensitive files hosted on the affected server and forge requests to the server.

Related Vulnerabilities

CVE-2024-47773

HIGH

CVSS:8.2(High)

Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects...

CWE-6102024

CVE-2024-31319

HIGH

CVSS:8.4(High)

In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privile...

CWE-6102024

CVE-2018-9582

HIGH

CVSS:7.8(High)

In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario. This could lead to local escalation of privi...

CWE-6102018

CVE-2019-15394

HIGH

CVSS:7.8(High)

The Asus ZenFone 5 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package nam...

CWE-6102019

CVE-2019-15405

HIGH

CVSS:7.8(High)

The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of...

CWE-6102019

CVE-2019-15418

HIGH

CVSS:7.8(High)

CWE-6102019