Dec 19, 2022 - 1:41 p.m.

CVE-2022-4106 Wholesale Market for WooCommerce < 1.0.7 - Unauthenticated Arbitrary File Download

2022-12-19 13:41:50
WPScan
www.cve.org
cve-2022-4106
wholesale market
woocommerce
unauthenticated
arbitrary file download
wordpress plugin
authorisation check
user input validation
system path

EPSS: 0.002 (Percentile: 62.2%)

The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 has no authorisation check and does not validate user input used to generate a system path, allowing unauthenticated attackers to download arbitrary files from the server.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Wholesale Market for WooCommerce",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.0.7"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
