Lucene search
K

4 matches found

NVD
NVD
added 2022/12/19 2:15 p.m.16 views

CVE-2022-4108

The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to for example in multisite...

4.9CVSS0.00798EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/12/19 1:41 p.m.20 views

CVE-2022-4108 Wholesale Market for WooCommerce < 1.0.8 - Admin+ Arbitrary File Download

The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to for example in multisite...

5.4AI score0.00798EPSS
Exploits2References1
CVE
CVE
added 2022/12/19 1:41 p.m.72 views

CVE-2022-4108

The CVE-2022-4108 vulnerability affects the WordPress plugin Wholesale Market for WooCommerce (pre-1.0.8). The issue stems from insufficient validation of user input used to generate system paths, enabling high-privilege users (e.g., admin) to download arbitrary server files such as wp-config.php...

4.9CVSS5.1AI score0.00798EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/19 1:41 p.m.7 views

CVE-2022-4108 Wholesale Market for WooCommerce < 1.0.8 - Admin+ Arbitrary File Download

The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to for example in multisite...

5.1AI score0.00798EPSS
Exploits2References1
Rows per page
Query Builder