Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by helpful_project
CVE-2022-2834 (GCVE-0-2022-2834)
Vulnerability from cvelistv5 – Published: 2022-10-17 00:00 – Updated: 2025-05-13 19:11
VLAI
Title
Helpful < 4.5.26 - Information Disclosure
Summary
The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin's settings
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/468d5fc7-04c6-43… | exploitvdb-entrytechnical-description |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:58.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/468d5fc7-04c6-4354-b134-85ebb25b37ae"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-2834",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T19:11:30.633046Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T19:11:57.316Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Helpful",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.5.26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aleksi Kistauri"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin\u0027s settings"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-24T09:58:20.023Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/468d5fc7-04c6-4354-b134-85ebb25b37ae"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Helpful \u003c 4.5.26 - Information Disclosure",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2834",
"datePublished": "2022-10-17T00:00:00.000Z",
"dateReserved": "2022-08-16T00:00:00.000Z",
"dateUpdated": "2025-05-13T19:11:57.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24841 (GCVE-0-2021-24841)
Vulnerability from cvelistv5 – Published: 2021-11-17 10:15 – Updated: 2024-08-03 19:42
VLAI
Title
Helpful < 4.4.59 - Admin+ Stored Cross-Site Scripting
Summary
The Helpful WordPress plugin before 4.4.59 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/55d11acf-8c47-40… | x_refsource_MISC |
| https://mikadmin.fr/tech/XSS-Stored-Helpful-5b10b… | x_refsource_MISC |
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:17.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/55d11acf-8c47-40da-be47-24f74fd7566e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikadmin.fr/tech/XSS-Stored-Helpful-5b10bc7f40ab319f9797eb4abad4f420660.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Helpful",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.4.59",
"status": "affected",
"version": "4.4.59",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mika"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Helpful WordPress plugin before 4.4.59 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-17T10:15:49.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/55d11acf-8c47-40da-be47-24f74fd7566e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikadmin.fr/tech/XSS-Stored-Helpful-5b10bc7f40ab319f9797eb4abad4f420660.pdf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Helpful \u003c 4.4.59 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24841",
"STATE": "PUBLIC",
"TITLE": "Helpful \u003c 4.4.59 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Helpful",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.4.59",
"version_value": "4.4.59"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Mika"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Helpful WordPress plugin before 4.4.59 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/55d11acf-8c47-40da-be47-24f74fd7566e",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/55d11acf-8c47-40da-be47-24f74fd7566e"
},
{
"name": "https://mikadmin.fr/tech/XSS-Stored-Helpful-5b10bc7f40ab319f9797eb4abad4f420660.pdf",
"refsource": "MISC",
"url": "https://mikadmin.fr/tech/XSS-Stored-Helpful-5b10bc7f40ab319f9797eb4abad4f420660.pdf"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24841",
"datePublished": "2021-11-17T10:15:49.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:17.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}