History: Dec 19, 2022 - 1:41 p.m.

CVE-2022-4108 Wholesale Market for WooCommerce < 1.0.8 - Admin+ Arbitrary File Download

2022-12-19 13:41:44
WPScan
www.cve.org
cve-2022-4108
wholesale market
woocommerce
arbitrary file download
admin
user input
system path
high privilege users
wordpress plugin
vulnerability.

EPSS: 0.001 (Low), Percentile: 29.8%

The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate a system path, allowing high privilege users such as admin to download arbitrary files from the server even when they should not be able to (for example in multisite).

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Wholesale Market for WooCommerce",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.0.8"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
