History: Dec 19, 2022 - 1:41 p.m.

CVE-2022-4106 Wholesale Market for WooCommerce < 1.0.7 - Unauthenticated Arbitrary File Download

2022-12-19 13:41:50
WPScan
www.cve.org
cve-2022-4106, wholesale market, woocommerce, unauthenticated, arbitrary file download, wordpress plugin, authorisation check, user input validation, system path

EPSS: 0.002 (Low), percentile 60.1%

The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 has no authorisation check and does not validate the user input used to generate a system path, allowing unauthenticated attackers to download arbitrary files from the server.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Wholesale Market for WooCommerce",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.0.7"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
