CVE-2022-4328

Exploit

EPSS 4.43%
Veröffentlicht 06.03.2023 14:15:09
Zuletzt bearbeitet 04.03.2025 20:15:35
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload

WooCommerce Checkout Field Manager <= 17.3 - Unauthenticated Arbitrary File Upload

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server

Mögliche Gegenmaßnahme

WooCommerce Checkout Field Manager: Update to version 18.0, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Najeebmedia ≫ Woocommerce Checkout Field Manager SwPlatformwordpress Version < 18.0

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt WooCommerce Checkout Field Manager

Version *-17.3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.43%	0.901

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://wpscan.com/vulnerability/4dc72cd2-81d7-4a66-86bd-c9cfaf690eed

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/9be94d63-f027-4988-ab41-673658c1fa5f

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-4328

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4328

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4328

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-4328