CVE-2022-4108

Exploit

EPSS 0.8%
Veröffentlicht 19.12.2022 14:15:12
Zuletzt bearbeitet 14.04.2025 19:15:34
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Wholesale Market for WooCommerce < 1.0.8 - Admin+ Arbitrary File Download

Wholesale Market for WooCommerce <= 1.0.7 - Authenticated (Administrator+) Arbitrary File Download

The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to (for example in multisite)

Mögliche Gegenmaßnahme

Wholesale Market for WooCommerce: Update to version 1.0.8, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cedcommerce ≫ Wholesale Market For Woocommerce SwPlatformwordpress Version < 1.0.8

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Wholesale Market for WooCommerce

Version *-1.0.7

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.8%	0.517

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://wpscan.com/vulnerability/9d1770df-91f0-41e3-af0d-522ae4e62470

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/52f820c5-d4ce-4925-a055-a7c75a320971

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-4108

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4108

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4108

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-4108