CVE-2022-2222: 
WordPress vulnerability analysis and mitigation

CVE-2022-2222 affects the Download Monitor WordPress plugin versions before 4.5.91. The vulnerability was discovered on April 5, 2022, and publicly disclosed on June 27, 2022. This security issue impacts WordPress installations using the affected plugin versions, particularly concerning file download functionality (WPScan, NVD).

The vulnerability is classified as a File Download vulnerability with a CVSS score of 4.9 (medium severity). It is categorized under OWASP Top 10 A1: Injection and CWE-552. The technical issue stems from the plugin's failure to properly validate file paths, allowing access to files outside the intended blog folders (WPScan).

The vulnerability allows high-privilege users such as administrators to download sensitive files like wp-config.php or /etc/passwd, even in hardened environments or multisite setups. This could lead to exposure of critical system information and configuration details (WPScan).

The vulnerability has been fixed in Download Monitor version 4.5.91. Users are advised to update to this version or later to mitigate the security risk (WPScan).