9.8
CVE-2022-4395
- EPSS 17.57%
- Published 30.01.2023 21:15:10
- Last modified 27.03.2025 20:15:17
- Source contact@wpscan.com
Membership For WooCommerce < 2.1.7 - Unauthenticated Arbitrary File Upload
Membership For WooCommerce <= 2.1.6 - Unauthenticated Arbitrary File Upload
The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.
Possible mitigation
Membership For WooCommerce: Update to version 2.1.7, or a newer patched version
Data provided by the National Vulnerability Database (NVD)
Wpswings ≫ Membership For Woocommerce (SwPlatform: wordpress), Version < 2.1.7
Further vulnerability information
- System: WordPress Plugin
- Product: Membership For WooCommerce
- Version: *-2.1.6
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 17.57% | 0.968 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
https://wpscan.com/vulnerability/80407ac4-8ce3-4df7-9c41-007b69045c40
https://packetstormsecurity.com/files/177934/WordPress-Membership-For-WooCommerce-Shell-Upload.html
https://www.exploit-db.com/exploits/51959
https://www.wordfence.com/threat-intel/vulnerabilities/id/2ad1af69-61e1-4453-866e-1ae71f614f30