CVE-2022-4106: Files or Directories Accessible to External Parties in Wholesale Market for WooCommerce

Severity: 7.5 HIGH (NVD)
EPSS: 1.2% (top 21.38%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 19

Description

The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not perform an authorisation check and does not validate the user input used to generate a system path, allowing unauthenticated attackers to download arbitrary files from the server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 1 package

Vulnerability Details (2)

CVEList: Wholesale Market for WooCommerce < 1.0.7 - Unauthenticated Arbitrary File Download (2022-12-19)
GHSA: GHSA-6974-v8m9-mmj5: The Wholesale Market for WooCommerce WordPress plugin before 1 (2022-12-19)
CVE-2022-4106 — HIGH severity | cvebase