Lucene search

K
nvd[email protected]NVD:CVE-2022-4794
HistoryJan 30, 2023 - 9:15 p.m.

CVE-2022-4794

2023-01-3021:15:12
web.nvd.nist.gov
aawp wordpress plugin
reflected file download
firewall bypass

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

53.5%

The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies.

Affected configurations

NVD
Node
getaawpamazon_affiliate_wordpress_pluginRange<3.12.3wordpress

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

53.5%

Related for NVD:CVE-2022-4794