CVE-2022-4109 — Path Traversal in Wholesale Market FOR Woocommerce

CWE-22 — Path Traversal3 documents3 sources

Severity

2.7LOWNVD

EPSS

0.3%

top 44.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cedcommerce Wholesale Market FOR Woocommerce

Timeline

PublishedJan 2

Latest updateJan 3

Description

The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input against path traversal attacks, allowing high privilege users such as admin to download arbitrary logs from the server even when they should not be able to (for example in multisite)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages1 packages

▶NVDcedcommerce/wholesale_market< 2.0.0

🔴Vulnerability Details

GHSA

GHSA-qm6m-q7rm-4grf: The Wholesale Market for WooCommerce WordPress plugin before 2↗2023-01-03

▶

CVEList

Wholesale Market for WooCommerce < 2.0.0 - Admin+ Arbitrary Log Download↗2023-01-02

▶