Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2022-4047

๐Ÿ—“๏ธย 26 Dec 2022ย 12:28:13Reported byย WPScanTypeย 
cve
ย cve๐Ÿ”—ย web.nvd.nist.gov๐Ÿ‘ย 80ย Views๐ŸŒ WEB

The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 allows unauthenticated users to upload arbitrary files leading to RC

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for CVE-2022-4047
14 Dec 202307:36
โ€“githubexploit
Circl		CVE-2022-4047
26 Sep 202310:44
โ€“circl
CNNVD		WordPress Plugin WooCommerce ไปฃ็ ้—ฎ้ข˜ๆผๆดž
26 Dec 202200:00
โ€“cnnvd
Cvelist		CVE-2022-4047 Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload
26 Dec 202212:28
โ€“cvelist
NVD		CVE-2022-4047
26 Dec 202213:15
โ€“nvd
OSV		CVE-2022-4047
26 Dec 202213:15
โ€“osv
Prion		Design/Logic Flaw
26 Dec 202213:15
โ€“prion
Positive Technologies		PT-2022-25394 ยท WordPress ยท The Return Refund/Exchange For Woocommerce
26 Dec 202200:00
โ€“ptsecurity
RedhatCVE		CVE-2022-4047
23 May 202500:34
โ€“redhatcve
Vulnrichment		CVE-2022-4047 Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload
26 Dec 202212:28
โ€“vulnrichment
Rows per page
NVD
Vulners
Node
wpswingsreturn_refund_and_exchange_for_woocommerceRange<4.0.9wordpress
[
  {
    "vendor": "Unknown",
    "product": "Return Refund and Exchange For WooCommerce",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "4.0.9"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
ParameterPositionPathDescriptionCWE
wps_rma_return_request_orderrequest bodywp-admin/admin-ajax.phpUnauthenticated file upload via AJAX can upload PHP payloads to execute remote code.
wps_rma_return_request_files[]request bodywp-admin/admin-ajax.phpUnauthenticated file upload via AJAX can upload PHP payloads to execute remote code.

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Jun 2026 05:19Current
9.7High risk
Vulners AI Score9.7
CVSS 3.19.8
EPSS0.06152
SSVC
cve-2022-4047woocommercewordpresspluginsecurity vulnerabilityrceunauthenticated access
80