6 matches found
CVE-2022-4047
The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to RCE...
Exploit for CVE-2022-4047
CVE-2022-4047 Return Refund and Exchange For WooCommerce...
CVE-2022-4047
creationtimestamp| type| source ---|---|--- 2023-09-26 10:44:16+00:00| published-proof-of-concept| https://t.me/v3n0mhack/283 2025-04-14 13:54:49+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/11607...
CVE-2022-4047
CVE-2022-4047 affects the Return Refund and Exchange For WooCommerce WordPress plugin prior to version 4.0.9. The root cause is failure to validate attachment files uploaded via an AJAX action accessible to unauthenticated users, allowing arbitrary files (e.g., PHP) to be uploaded and potentially...
CVE-2022-4047 Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload
The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to RCE...
CVE-2022-4047 Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload
The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to RCE...