cbcvebase.
CVE-2022-33901
published 2022-07-22

CVE-2022-33901: Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <= 4.13.1 at WordPress.

Priority: P3 · 54 · high · CVSS 3.1 base score 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 2.19% (80.2nd percentile)

Affected

1 range

Vendor       | Product                              | Version range | Fixed in
multisafepay | multisafepay_plugin_for_woocommerce  | <= 4.15.0     |

Detection & IOCs (extracted from sources)

url:   /wp-admin/admin-ajax.php?action=admin_init&log_filename=../../../../../../../../../../../../../etc/passwd
other: action=admin_init&log_filename=../../../../../../../../../../../../../etc/passwd
  • HTTP GET request to wp-admin/admin-ajax.php with 'action=admin_init' and a 'log_filename' parameter containing path traversal sequences targeting /etc/passwd — no authentication required.
  • Successful exploitation returns HTTP 200 with Content-Type header 'application/octet-stream' and a response body matching the regex 'root:.*:0:0:' (indicative of /etc/passwd content).
  • The vulnerability is unauthenticated (PR:N) — monitor for path traversal patterns in the 'log_filename' query parameter on WordPress AJAX endpoints without any session/auth cookies.
  • Affected versions are MultiSafepay for WooCommerce <= 4.13.1; detections should be scoped to sites running this plugin version range.