Lucene search
CVE-2022-4047
The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 allows unauthenticated users to upload arbitrary files leading to RC
Show more
| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
 | Design/Logic Flaw | 26 Dec 202213:15 | – | prion |
 | CVE-2022-4047 Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload | 26 Dec 202212:28 | – | cvelist |
 | CVE-2022-4047 Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload | 26 Dec 202212:28 | – | vulnrichment |
 | Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload | 5 Dec 202200:00 | – | wpvulndb |
 | Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload | 5 Dec 202200:00 | – | wpexploit |
 | CVE-2022-4047 | 26 Dec 202213:15 | – | nvd |
 | Exploit for CVE-2022-4047 | 26 Sep 202307:23 | – | githubexploit |
| Exploit for CVE-2022-4047 | 14 Dec 202307:36 | – | githubexploit |
Node
[
{
"vendor": "Unknown",
"product": "Return Refund and Exchange For WooCommerce",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "4.0.9"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| file | request body | /wp-admin/admin-ajax.php | Unauthenticated arbitrary file upload vulnerability in WooCommerce plugin allowing PHP file uploads. |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo26 Dec 2022 13:15Current
9.7High risk
Vulners AI Score9.7
CVSS39.8
EPSS0.6701
SSVC