CVE-2022-2638

Published: Aug 29, 2022Modified: Jun 17, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Exploitability: 1.2 / Impact: 5.2

Source: NVD

Description

The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary file from the server

Affected (1)

Products: Atlasgondal: Export All Urls

Atlasgondal

1 product

Export All Urls

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Atlasgondal Export All Urls	Before 4.4

Related CWEs

CWE-610

Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

CWE-73

External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

References (2)

https://wpscan.com/vulnerability/70840a72-ccdc-4eee-9ad2-874809e5de11

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/70840a72-ccdc-4eee-9ad2-874809e5de11

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.