Lucene search
HistoryDec 26, 2022 - 1:15 p.m.
CVE-2022-4047
woocommerce
wordpress
file upload
vulnerability
rce
unauthenticated users
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
71.2%
The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to RCE
Affected configurations
Node
wpswingsreturn_refund_and_exchange_for_woocommerceRange<4.0.9wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wpswings | return_refund_and_exchange_for_woocommerce | * | cpe:2.3:a:wpswings:return_refund_and_exchange_for_woocommerce:*:*:*:*:*:wordpress:*:* |
Related
prion
prion
Design/Logic Flaw
2022-12-26 13:15:00
cvelist
cvelist
wpvulndb
wpvulndb
cve
cve
CVE-2022-4047
2022-12-26 13:15:12
wpexploit
wpexploit
githubexploit
githubexploit
Exploit for CVE-2022-4047
2023-09-26 07:23:44
Exploit for CVE-2022-4047
2023-12-14 07:36:01
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
71.2%
Related for NVD:CVE-2022-4047