CVE-2022-4108

Severity
4.9 MEDIUM
EPSS
0.6%
top 30.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Dec 19

Description

The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate a system path, allowing high-privilege users such as admins to download arbitrary files from the server even when they should not be able to (for example, in a multisite installation).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 | Impact: 3.6

Affected Packages
2 packages

Vulnerability Details (2)
CVEList
Wholesale Market for WooCommerce < 1.0.8 - Admin+ Arbitrary File Download (2022-12-19)
GHSA
GHSA-fqpq-36q8-xc95: The Wholesale Market for WooCommerce WordPress plugin before 1 (2022-12-19)
CVE-2022-4108 (MEDIUM CVSS 4.9) | The Wholesale Market for WooCommerc | cvebase.io