CVE-2022-27849 - OpenCVE

Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Plugin-planet	Simple Ajax Chat

Configuration 1 [-]

cpe:2.3:a:plugin-planet:simple_ajax_chat:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/simple-ajax-chat/wordpress-simple-ajax-chat-plugin-20220115-sensitive-information-disclosure-vulnerability
https://wordpress.org/plugins/simple-ajax-chat/#developers

History

No history.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2022-04-15T16:24:44.617824Z

Updated: 2024-09-16T20:06:41.885Z

Reserved: 2022-03-24T00:00:00

Link: CVE-2022-27849

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-04-15T17:15:08.773

Modified: 2022-04-21T20:44:38.287

Link: CVE-2022-27849

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Simple Ajax Chat (WordPress plugin)", "vendor": "Jeff Starr", "versions": [{"lessThanOrEqual": "20220115", "status": "affected", "version": "<= 20220115", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Vulnerability discovered by Ex.Mi (Patchstack)"}], "datePublic": "2022-04-15T00:00:00", "descriptions": [{"lang": "en", "value": "Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Information Exposure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-15T16:24:44", "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://wordpress.org/plugins/simple-ajax-chat/#developers"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://patchstack.com/database/vulnerability/simple-ajax-chat/wordpress-simple-ajax-chat-plugin-20220115-sensitive-information-disclosure-vulnerability"}], "solutions": [{"lang": "en", "value": "Update to 20220216 or higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Simple Ajax Chat plugin <= 20220115 - Sensitive Information Disclosure vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "audit@patchstack.com", "DATE_PUBLIC": "2022-04-15T10:14:00.000Z", "ID": "CVE-2022-27849", "STATE": "PUBLIC", "TITLE": "WordPress Simple Ajax Chat plugin <= 20220115 - Sensitive Information Disclosure vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Simple Ajax Chat (WordPress plugin)", "version": {"version_data": [{"version_affected": "<=", "version_name": "<= 20220115", "version_value": "20220115"}]}}]}, "vendor_name": "Jeff Starr"}]}}, "credit": [{"lang": "eng", "value": "Vulnerability discovered by Ex.Mi (Patchstack)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200 Information Exposure"}]}]}, "references": {"reference_data": [{"name": "https://wordpress.org/plugins/simple-ajax-chat/#developers", "refsource": "CONFIRM", "url": "https://wordpress.org/plugins/simple-ajax-chat/#developers"}, {"name": "https://patchstack.com/database/vulnerability/simple-ajax-chat/wordpress-simple-ajax-chat-plugin-20220115-sensitive-information-disclosure-vulnerability", "refsource": "CONFIRM", "url": "https://patchstack.com/database/vulnerability/simple-ajax-chat/wordpress-simple-ajax-chat-plugin-20220115-sensitive-information-disclosure-vulnerability"}]}, "solution": [{"lang": "en", "value": "Update to 20220216 or higher version."}], "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:41:09.918Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wordpress.org/plugins/simple-ajax-chat/#developers"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/simple-ajax-chat/wordpress-simple-ajax-chat-plugin-20220115-sensitive-information-disclosure-vulnerability"}]}]}, "cveMetadata": {"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "assignerShortName": "Patchstack", "cveId": "CVE-2022-27849", "datePublished": "2022-04-15T16:24:44.617824Z", "dateReserved": "2022-03-24T00:00:00", "dateUpdated": "2024-09-16T20:06:41.885Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:plugin-planet:simple_ajax_chat:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A58E9B25-5A75-4B20-8CE0-A43AE894BBCE", "versionEndIncluding": "20220115", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115"}, {"lang": "es", "value": "Una Divulgaci\u00f3n de Informaci\u00f3n Confidencial (sac-export.csv) en Simple Ajax Chat (plugin de WordPress) versiones anteriores a 20220115 incluy\u00e9ndola"}], "id": "CVE-2022-27849", "lastModified": "2022-04-21T20:44:38.287", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2022-04-15T17:15:08.773", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/simple-ajax-chat/wordpress-simple-ajax-chat-plugin-20220115-sensitive-information-disclosure-vulnerability"}, {"source": "audit@patchstack.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://wordpress.org/plugins/simple-ajax-chat/#developers"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "audit@patchstack.com", "type": "Primary"}]}