Lucene search
HistoryJan 30, 2023 - 9:15 p.m.
CVE-2022-4395
wordpress
woocommerce
remote code execution
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.7
Confidence
High
EPSS
0.05
Percentile
93.0%
The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.
Affected configurations
Node
wpswingsmembership_for_woocommerceRange<2.1.7wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wpswings | membership_for_woocommerce | * | cpe:2.3:a:wpswings:membership_for_woocommerce:*:*:*:*:*:wordpress:*:* |
Related
prion
prion
Default credentials
2023-01-30 21:15:00
githubexploit
githubexploit
Exploit for CVE-2022-4395
2023-03-09 12:35:48
cvelist
cvelist
wpvulndb
wpvulndb
Membership For WooCommerce < 2.1.7 - Unauthenticated Arbitrary File Upload
2023-01-04 00:00:00
cve
cve
CVE-2022-4395
2023-01-30 21:15:10
exploitdb
exploitdb
wpexploit
wpexploit
Membership For WooCommerce < 2.1.7 - Unauthenticated Arbitrary File Upload
2023-01-04 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.7
Confidence
High
EPSS
0.05
Percentile
93.0%
Related for NVD:CVE-2022-4395