Lucene search

[email protected]CVE-2022-4107

HistoryDec 19, 2022 - 2:15 p.m.

CVE-2022-4107

2022-12-1914:15:00

[email protected]

web.nvd.nist.gov

cve-2022-4107

smsa shipping

woocommerce

wordpress

plugin

file download

authentication

csrf

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

56.2%

JSON

The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server

CPENameOperatorVersion
cedcommerce:smsa_shipping_for_woocommercecedcommerce smsa shipping for woocommercelt1.0.5

CPE	Name	Operator	Version
cedcommerce:smsa_shipping_for_woocommerce	cedcommerce smsa shipping for woocommerce	lt	1.0.5

References

wpscan.com/vulnerability/0b432858-722c-4bda-aa95-ad48e2097302

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

56.2%

JSON

Related for CVE-2022-4107

prion1 wpvulndb1 patchstack1 wpexploit1