The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input against path traversal attacks, allowing high privilege users such as admin to download arbitrary logs from the server even when they should not be able to (for example in multisite)
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/51e023de-189d-4557-9655-23f7ba58b670 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:56
Type | Values Removed | Values Added |
---|---|---|
CWE |
09 Jan 2023, 18:33
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:cedcommerce:wholesale_market_for_woocommerce:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 2.7 |
First Time |
Cedcommerce
Cedcommerce wholesale Market For Woocommerce |
|
References | (MISC) https://wpscan.com/vulnerability/51e023de-189d-4557-9655-23f7ba58b670 - Exploit, Third Party Advisory |
02 Jan 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-02 22:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-4109
Mitre link : CVE-2022-4109
CVE.ORG link : CVE-2022-4109
JSON object : View
Products Affected
cedcommerce
- wholesale_market_for_woocommerce
CWE
No CWE.