Cedcommerce

Wholesale Market For Woocommerce

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2022-4363

Exploit
  • EPSS 0.04%
  • Veröffentlicht 16.05.2025 20:33:45
  • Zuletzt bearbeitet 12.06.2025 16:46:05

The Wholesale Market WordPress plugin before 2.2.2, Wholesale Market for WooCommerce WordPress plugin before 2.0.1 have a flawed CSRF check when updating their settings, which could allow attackers to make a logged in admin update them via a CSRF att...

2.7

CVE-2022-4109

Exploit
  • EPSS 0.33%
  • Veröffentlicht 02.01.2023 22:15:16
  • Zuletzt bearbeitet 10.04.2025 19:15:50

The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input against path traversal attacks, allowing high privilege users such as admin to download arbitrary logs from the server even when they should not be able t...

7.5

CVE-2022-4106

Exploit
  • EPSS 1.16%
  • Veröffentlicht 19.12.2022 14:15:12
  • Zuletzt bearbeitet 14.04.2025 19:15:33

The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server.

4.9

CVE-2022-4108

Exploit
  • EPSS 0.6%
  • Veröffentlicht 19.12.2022 14:15:12
  • Zuletzt bearbeitet 14.04.2025 19:15:34

The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to ...