CVE-2022-50956

MEDIUM 6.2

WordPress Plugin amministrazione-aperta 3.7.3 Local File Read

CVSS Score

6.2

EPSS Score

0.0%

EPSS Percentile

8th

WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the open parameter. Attackers can supply file paths through the open GET parameter in dispatcher.php to include and read sensitive files accessible to the web server.

CWE	CWE-22
Vendor	amministrazione-aperta
Product	amministrazione-aperta
Published	May 10, 2026
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for amministrazione-aperta amministrazione-aperta

Be the first to know when new medium vulnerabilities affecting amministrazione-aperta amministrazione-aperta are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

amministrazione-aperta / amministrazione-aperta

3.7.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/50838 wordpress.org: https://wordpress.org/plugins/amministrazione-aperta/ vulncheck.com: https://www.vulncheck.com/advisories/wordpress-plugin-amministrazione-aperta-local-file-read

Credits

Hassan Khan Yusufzai - Splint3r7