VYPR

Amministrazione Aperta

by WordPress

Source repositories

CVEs (2)

  • CVE-2022-1560MedMay 16, 2022
    risk 0.42cvss 6.5epss 0.02

    The Amministrazione Aperta WordPress plugin before 3.8 does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file…

  • CVE-2022-50956MedMay 10, 2026
    risk 0.40cvss 6.2epss 0.00

    WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the open parameter. Attackers can supply file paths through the open GET parameter…