Lucene search
K

6 matches found

Nuclei
Nuclei
added 16 hours ago72 views

WooCommerce Checkout Field Manager < 18.0 - Arbitrary File Upload

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server. id: CVE-2022-4328 info: name: WooCommerce Checkout Field Manager 18.0 - Arbitrary File Uploa...

9.8CVSS7.1AI score0.04427EPSS
Exploits2References3
Patchstack
Patchstack
added 2023/03/07 12:0 a.m.14 views

WordPress WooCommerce Checkout Field Manager Plugin < 18.0 is vulnerable to Arbitrary File Upload

Software WooCommerce Checkout Field Manager Type Plugin Vulnerable versions 18.0 Fixed in 18.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2022-4328 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 8dcb3ac5c4ef Credits cydave Required privilege...

9.8CVSS6.8AI score0.04427EPSS
Exploits2References4Affected Software1
Circl
Circl
added 2023/03/06 4:12 p.m.48 views

CVE-2022-4328

creationtimestamp| type| source ---|---|--- 2023-03-06 16:12:49+00:00| seen| https://t.me/cibsecurity/59475 2025-01-26 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-26 2025-01-31 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-31...

9.8CVSS7.3AI score0.04427EPSS
In wildExploits2References5
Vulnrichment
Vulnrichment
added 2023/03/06 1:34 p.m.8 views

CVE-2022-4328 WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...

9.7AI score0.04427EPSS
Exploits2References1
CVE
CVE
added 2023/03/06 1:34 p.m.102 views

CVE-2022-4328

The CVE-2022-4328 entry concerns the WordPress plugin WooCommerce Checkout Field Manager (before 18.0). The vulnerability arises from failure to validate uploaded files in the cfom_upload_file action, enabling unauthenticated remote arbitrary file uploads (e.g., PHP) to the server. Impact is desc...

9.8CVSS9.7AI score0.04427EPSS
In wildExploits2References1Affected Software1
Wordfence Blog
Wordfence Blog
added 2023/02/23 4:30 p.m.180 views

Wordfence Intelligence CE Weekly Vulnerability Report (Feb 13, 2023 to Feb 19, 2023)

Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfences highly credentialed and experienced...

0.1AI score0.04427EPSS
Exploits21
Rows per page
Query Builder