CVE-2022-1953
The CVE-2022-1953 entry concerns the WordPress Product Configurator for WooCommerce plugin prior to version 1.2.32. The vulnerability is an arbitrary file deletion via an unauthenticated AJAX action that accepts user input used in a filesystem path and passed to unlink() without validation. This ...