History: Dec 19, 2022 - 2:15 p.m.

CVE-2022-4106

2022-12-19 14:15:12
CWE-552
WPScan
web.nvd.nist.gov
Tags: cve-2022-4106, woocommerce, wordpress, plugin, security, vulnerability, authorization check, file download

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.002
Percentile: 62.2%

The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have an authorisation check and does not validate user input used to generate a system path, allowing unauthenticated attackers to download arbitrary files from the server.

Affected configurations

Nvd
Vulners
Node: cedcommerce wholesale_market_for_woocommerce, Range <1.0.7, wordpress

Vendor: cedcommerce
Product: wholesale_market_for_woocommerce
Version: *
CPE: cpe:2.3:a:cedcommerce:wholesale_market_for_woocommerce:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Wholesale Market for WooCommerce",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.0.7"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
