Medium severity6.5NVD Advisory· Published May 16, 2022· Updated Jun 17, 2026
CVE-2022-1560
CVE-2022-1560
Description
The Amministrazione Aperta WordPress plugin before 3.8 does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal error when accessed directly and the affected code is not reached. The issue can be exploited via the dashboard when logged in as an admin, or by making a logged in admin open a malicious link
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2< 3.8+ 1 more
- (no CPE)range: < 3.8
- (no CPE)range: 3.8
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/5c5fbbea-92d2-46bb-9a70-75155fffb6denvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.