3 matches found
CVE-2022-4106 Wholesale Market for WooCommerce < 1.0.7 - Unauthenticated Arbitrary File Download
The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server...
CVE-2022-4106 Wholesale Market for WooCommerce < 1.0.7 - Unauthenticated Arbitrary File Download
The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server...
CVE-2022-4106
The Wholesale Market for WooCommerce WordPress plugin (pre-1.0.7) exposes an unauthenticated arbitrary-file-download vulnerability due to missing authorization checks and improper handling of user input when building system paths. Impact is configured as high (C:H) for confidentiality with no int...