CVE-2022-4106: Wholesale Market for WooCommerce < 1.0.7 - Unauthenticated Arbitrary File Download
First published: Mon Dec 19 2022(Updated: )
The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server.
Credit: contact@wpscan.com contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cedcommerce Wholesale Market | <1.0.7 | |
| <1.0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-4106?
CVE-2022-4106 is a vulnerability in the Wholesale Market for WooCommerce WordPress plugin before version 1.0.7 that allows unauthenticated attackers to download arbitrary files from the server.
How severe is CVE-2022-4106?
CVE-2022-4106 has a severity rating of 7.5 out of 10, which is considered high.
What is the affected software for CVE-2022-4106?
The affected software is Cedcommerce Wholesale Market For Woocommerce plugin before version 1.0.7.
How can unauthenticated attackers exploit CVE-2022-4106?
Unauthenticated attackers can exploit CVE-2022-4106 by downloading arbitrary files from the server.
Is there a fix available for CVE-2022-4106?
Yes, a fix for CVE-2022-4106 is available in version 1.0.7 of the Wholesale Market for WooCommerce plugin.
- agent/type
- agent/title
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- vendor/cedcommerce
- canonical/cedcommerce wholesale market