Medium severity 4.3 · NVD Advisory · Published Mar 28, 2022 · Updated Jun 17, 2026
CVE-2022-0833
Description
The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF checks in some of its actions as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to disclose the final backup filename, which can then be fetched by the attacker to download the backup of the plugin's DB data.
Affected products
- (no CPE)
- (no CPE), range: <3.4.135
References
- wpscan.com/vulnerability/b2c7c1e8-d72c-4b1e-b5cb-dc2a6538965d (nvd; Exploit, Third Party Advisory)