9.8
CVE-2022-4395
- EPSS 75.49%
- Veröffentlicht 30.01.2023 21:15:10
- Zuletzt bearbeitet 27.03.2025 20:15:17
- Quelle contact@wpscan.com
- Teams Watchlist Login
- Unerledigt Login
The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wpswings ≫ Membership For Woocommerce SwPlatformwordpress Version < 2.1.7
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 75.49% | 0.989 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|