The WordPress YITH WooCommerce Gift Cards Premium Plugin installed on the remote host is affected by an Arbitrary File Upload.
Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
{"id": "WEB_APPLICATION_SCANNING_113485", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "YITH WooCommerce Gift Cards Premium Plugin for WordPress < 3.20.0 Arbitrary File Upload", "description": "The WordPress YITH WooCommerce Gift Cards Premium Plugin installed on the remote host is affected by an Arbitrary File Upload.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2023-01-03T00:00:00", "modified": "2023-03-14T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/was/113485", "reporter": "This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://wordpress.org/plugins/yith-woocommerce-gift-cards-premium/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45359"], "cvelist": [], "immutableFields": [], "lastseen": "2023-05-17T16:39:26", "viewCount": 8, "enchantments": {"dependencies": {"references": []}, "score": {"value": 2.4, "vector": "NONE"}, "epss": [{"cve": "CVE-2022-45359", "epss": 0.00141, "percentile": 0.48489, "modified": "2023-05-02"}], "vulnersScore": 2.4}, "_state": {"dependencies": 1684378569, "score": 1684381050, "epss": 0}, "_internal": {"score_hash": "39c863fca96deeba45dbcf04eed25a19"}, "pluginID": "113485", "sourceData": "No source data", "naslFamily": "Component Vulnerability", "cpe": ["cpe:2.3:a:yithemes:yith_woocommerce_gift_cards:*:*:*:*:premium:wordpress:*:*"], "solution": "Upgrade to YITH WooCommerce Gift Cards Premium Plugin for WordPress 3.20.0 or latest.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2022-45359", "vendor_cvss2": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2022-12-06T00:00:00", "vulnerabilityPublicationDate": "2022-12-06T00:00:00", "exploitableWith": []}