Lucene search
HistoryJan 30, 2023 - 9:15 p.m.
CVE-2022-4794
aawp wordpress plugin
reflected file download
firewall bypass
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.002
Percentile
55.9%
The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies.
Affected configurations
Node
getaawpamazon_affiliate_wordpress_pluginRange<3.12.3wordpress
Related
prion
prion
Design/Logic Flaw
2023-01-30 21:15:00
wpexploit
wpexploit
AAWP < 3.12.3 - Unsafe URL Handling
2023-01-04 00:00:00
cvelist
cvelist
CVE-2022-4794 AAWP < 3.12.3 - Unsafe URL Handling
2023-01-30 20:31:32
cve
cve
CVE-2022-4794
2023-01-30 21:15:12
wpvulndb
wpvulndb
AAWP < 3.12.3 - Unsafe URL Handling
2023-01-04 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.002
Percentile
55.9%
Related for NVD:CVE-2022-4794