Lucene search
WPScanCVE-2022-4328HistoryMar 06, 2023 - 2:15 p.m.
CVE-2022-4328
2023-03-0614:15:09
WPScan
web.nvd.nist.gov
47
woocommerce
checkout field manager
wordpress
plugin
vulnerability
cve-2022-4328
nvd
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.192
Percentile
96.4%
The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server
Affected configurations
Node
najeebmediawoocommerce_checkout_field_managerRange<18.0wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| najeebmedia | woocommerce_checkout_field_manager | * | cpe:2.3:a:najeebmedia:woocommerce_checkout_field_manager:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "WooCommerce Checkout Field Manager",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "18.0"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
nuclei
nuclei
WooCommerce Checkout Field Manager < 18.0 - Arbitrary File Upload
2023-05-06 12:12:20
cvelist
cvelist
wpvulndb
wpvulndb
prion
prion
Code injection
2023-03-06 14:15:00
nvd
nvd
CVE-2022-4328
2023-03-06 14:15:09
wpexploit
wpexploit
wordfence
wordfence
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.192
Percentile
96.4%
Related for CVE-2022-4328