Rewterz Threat Advisory – CVE-2022-2563 – Tutor LMS Plugin For WordPress Vulnerability
November 7, 2022Rewterz Threat Alert – APT Group Gamaredon – Active IOCs
November 7, 2022Rewterz Threat Advisory – CVE-2022-2563 – Tutor LMS Plugin For WordPress Vulnerability
November 7, 2022Rewterz Threat Alert – APT Group Gamaredon – Active IOCs
November 7, 2022Severity
Medium
Analysis Summary
CVE-2022-2981
Download Monitor plugin for WordPress could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when decoding base64 encoded URL requests. By sending a specially crafted request, a remote attacker could exploit this vulnerability to download arbitrary files from the system the affected system.
Impact
Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-2981
Affected Vendors
WordPress
Affected Products
Download Monitor plugin for WordPress 4.5.97
Remediation
Upgrade to the latest version of Download Monitor Plugin, available from the WordPress Plugin Directory.