exploitDog

CVE-2022-4106

Опубликовано: 19 дек. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server.

Ссылки

https://wpscan.com/vulnerability/b60a0d3d-148f-4e9b-baee-7332890804ed
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/b60a0d3d-148f-4e9b-baee-7332890804ed
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cedcommerce:wholesale_market_for_woocommerce:*:*:*:*:*:wordpress:*:*

Версия до 1.0.7 (исключая)

EPSS

Процентиль: 78%

0.01161

Низкий

7.5 High

CVSS3

Дефекты

CWE-552

Связанные уязвимости

GHSA-6974-v8m9-mmj5

CVSS3: 7.5

github

около 3 лет назад

The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server.

EPSS

Процентиль: 78%

0.01161

Низкий

7.5 High

CVSS3

Дефекты

CWE-552