CVE-2022-31475
Published: 21 July 2022
Summary
CVE-2022-31475 is a medium-severity Path Traversal (CWE-22) vulnerability in the GiveWP plugin for WordPress (vendor GiveWP). Its CVSS base score is 5.5 (Medium).
Operationally, it is ranked in the top 30.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-52937
Vulnerability details
Authenticated (custom plugin role) arbitrary file read via the Export function in GiveWP's GiveWP plugin for WordPress, versions <= 2.20.2.
Related Threats
No named actor attribution yet. ATT&CK technique mapping is in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls (AI-derived)
Per-CVE control mapping for this CVE has not yet been run; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Designating authorized individuals and mandating pre/post-publication reviews enforces access controls on who can publish content publicly.
- Identifying users with access to specific system components supports enforcement of proper access controls on information.
- Protecting the confidentiality, integrity and availability of backups requires access controls to prevent unauthorized access, modification, or deletion.
- Approving and monitoring all maintenance activities prevents improper access control by restricting unauthorized personnel from performing maintenance on system components.
- Policy and procedures establish documented access controls and responsibilities for media, reducing improper access.
- Enforcing access restrictions on media directly mitigates improper access control weaknesses.
- Mandating and assessing controls at alternate sites enforces proper access control mechanisms that would otherwise be absent or weak in uncontrolled remote locations.
- Mandating protection of the security plan from unauthorized access and modification enforces access control on this organization-wide security governance artifact.