Lucene search
+L

29 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:42 p.m.9 views

CVE-2022-4108

The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to for example in multisite...

4.9CVSS5.3AI score0.00798EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:35 p.m.7 views

CVE-2022-4106

The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server...

7.5CVSS7.4AI score0.00857EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/18 8:58 p.m.20 views

CVE-2022-4363

The Wholesale Market WordPress plugin before 2.2.2, Wholesale Market for WooCommerce WordPress plugin before 2.0.1 have a flawed CSRF check when updating their settings, which could allow attackers to make a logged in admin update them via a CSRF attack...

6.5CVSS6.9AI score0.00166EPSS
Exploits1References1
OSV
OSV
added 2025/05/16 9:15 p.m.6 views

CVE-2022-4363

The Wholesale Market WordPress plugin before 2.2.2, Wholesale Market for WooCommerce WordPress plugin before 2.0.1 have a flawed CSRF check when updating their settings, which could allow attackers to make a logged in admin update them via a CSRF attack...

6.5CVSS5.8AI score0.00166EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/16 8:33 p.m.20 views

CVE-2022-4363 Wholesale Market <= 2.2.2 - Settings Update via CSRF

The Wholesale Market WordPress plugin before 2.2.2, Wholesale Market for WooCommerce WordPress plugin before 2.0.1 have a flawed CSRF check when updating their settings, which could allow attackers to make a logged in admin update them via a CSRF attack...

0.00166EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/16 8:33 p.m.12 views

CVE-2022-4363 Wholesale Market <= 2.2.2 - Settings Update via CSRF

The Wholesale Market WordPress plugin before 2.2.2, Wholesale Market for WooCommerce WordPress plugin before 2.0.1 have a flawed CSRF check when updating their settings, which could allow attackers to make a logged in admin update them via a CSRF attack...

7AI score0.00166EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/16 12:0 a.m.4 views

WordPress plugin Wholesale Market 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

6.5CVSS6.5AI score0.00166EPSS
Exploits1References3
OSV
OSV
added 2023/01/02 10:15 p.m.4 views

CVE-2022-4298

The Wholesale Market WordPress plugin before 2.2.1 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server...

9.8CVSS5.9AI score0.01833EPSS
Exploits2References1
OSV
OSV
added 2023/01/02 10:15 p.m.5 views

CVE-2022-4109

The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input against path traversal attacks, allowing high privilege users such as admin to download arbitrary logs from the server even when they should not be able to for example in multisite...

2.7CVSS5.9AI score0.00705EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/01/02 9:49 p.m.25 views

CVE-2022-4298 Wholesale Market < 2.2.1 - Unauthenticated Arbitrary File Download

The Wholesale Market WordPress plugin before 2.2.1 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server...

9.8AI score0.01833EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/01/02 9:49 p.m.23 views

CVE-2022-4109 Wholesale Market for WooCommerce < 2.0.0 - Admin+ Arbitrary Log Download

The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input against path traversal attacks, allowing high privilege users such as admin to download arbitrary logs from the server even when they should not be able to for example in multisite...

4.1AI score0.00705EPSS
Exploits2References1
CVE
CVE
added 2023/01/02 9:49 p.m.64 views

CVE-2022-4298

The CVE-2022-4298 issue affects the Wholesale Market WordPress plugin prior to version 2.2.1. The root cause is missing authorization checks and lack of validation for user input used to generate system paths, enabling unauthenticated attackers to download arbitrary files from the server (e.g., s...

9.8CVSS9.7AI score0.01833EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/02 9:49 p.m.6 views

CVE-2022-4298 Wholesale Market < 2.2.1 - Unauthenticated Arbitrary File Download

The Wholesale Market WordPress plugin before 2.2.1 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server...

9.6AI score0.01833EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/01/02 12:0 a.m.6 views

WordPress plugin Wholesale Market for WooCommerce 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A path traversal vulnerability exists in th...

2.7CVSS5AI score0.00705EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/01/02 12:0 a.m.3 views

WordPress plugin Wholesale Market 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A path traversal vulnerability exists in th...

9.8CVSS8.6AI score0.01833EPSS
Exploits2References2
NVD
NVD
added 2022/12/19 2:15 p.m.18 views

CVE-2022-4106

The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server...

7.5CVSS0.00857EPSS
Exploits2References1
OSV
OSV
added 2022/12/19 2:15 p.m.5 views

CVE-2022-4108

The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to for example in multisite...

4.9CVSS5.9AI score0.00798EPSS
Exploits2References1
NVD
NVD
added 2022/12/19 2:15 p.m.17 views

CVE-2022-4108

The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to for example in multisite...

4.9CVSS0.00798EPSS
Exploits2References1
Prion
Prion
added 2022/12/19 2:15 p.m.17 views

Design/Logic Flaw

The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server...

5CVSS7.7AI score0.00857EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/19 1:41 p.m.7 views

CVE-2022-4106 Wholesale Market for WooCommerce < 1.0.7 - Unauthenticated Arbitrary File Download

The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server...

7.7AI score0.00857EPSS
Exploits2References1
Rows per page
Query Builder