4 matches found
CVE-2022-4108
The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to for example in multisite...
CVE-2022-4108 Wholesale Market for WooCommerce < 1.0.8 - Admin+ Arbitrary File Download
The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to for example in multisite...
CVE-2022-4108
The CVE-2022-4108 vulnerability affects the WordPress plugin Wholesale Market for WooCommerce (pre-1.0.8). The issue stems from insufficient validation of user input used to generate system paths, enabling high-privilege users (e.g., admin) to download arbitrary server files such as wp-config.php...
CVE-2022-4108 Wholesale Market for WooCommerce < 1.0.8 - Admin+ Arbitrary File Download
The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to for example in multisite...