exploitDog

CVE-2022-4298

Опубликовано: 02 янв. 2023

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

The Wholesale Market WordPress plugin before 2.2.1 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server.

Ссылки

https://wpscan.com/vulnerability/7485ad23-6ea4-4018-88b1-174312a0a478
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/7485ad23-6ea4-4018-88b1-174312a0a478
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cedcommerce:wholesale_market:*:*:*:*:*:wordpress:*:*

Версия до 2.2.1 (исключая)

EPSS

Процентиль: 98%

0.55741

Средний

9.8 Critical

CVSS3

Дефекты

Связанные уязвимости

GHSA-r9x2-m498-v92q

CVSS3: 9.8

github

около 3 лет назад

The Wholesale Market WordPress plugin before 2.2.1 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server.

EPSS

Процентиль: 98%

0.55741

Средний

9.8 Critical

CVSS3

Дефекты