The Wholesale Market WordPress plugin before 2.2.1 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/7485ad23-6ea4-4018-88b1-174312a0a478 | Exploit Third Party Advisory |
Configurations
History
07 Nov 2023, 03:57
Type | Values Removed | Values Added |
---|---|---|
CWE |
09 Jan 2023, 19:07
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://wpscan.com/vulnerability/7485ad23-6ea4-4018-88b1-174312a0a478 - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Cedcommerce
Cedcommerce wholesale Market |
|
CPE | cpe:2.3:a:cedcommerce:wholesale_market:*:*:*:*:*:wordpress:*:* |
02 Jan 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-02 22:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-4298
Mitre link : CVE-2022-4298
CVE.ORG link : CVE-2022-4298
JSON object : View
Products Affected
cedcommerce
- wholesale_market
CWE
No CWE.