Lucene search
HistoryMar 06, 2023 - 2:15 p.m.
CVE-2022-4328
woocommerce
checkout field manager
unauthenticated attackers
arbitrary files
server
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.7
Confidence
High
EPSS
0.192
Percentile
96.4%
The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server
Affected configurations
Node
najeebmediawoocommerce_checkout_field_managerRange<18.0wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| najeebmedia | woocommerce_checkout_field_manager | * | cpe:2.3:a:najeebmedia:woocommerce_checkout_field_manager:*:*:*:*:*:wordpress:*:* |
Related
nuclei
nuclei
WooCommerce Checkout Field Manager < 18.0 - Arbitrary File Upload
2023-05-06 12:12:20
cvelist
cvelist
wpvulndb
wpvulndb
prion
prion
Code injection
2023-03-06 14:15:00
cve
cve
CVE-2022-4328
2023-03-06 14:15:09
wpexploit
wpexploit
wordfence
wordfence
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.7
Confidence
High
EPSS
0.192
Percentile
96.4%
Related for NVD:CVE-2022-4328