CVE-2022-4108: Wholesale Market for WooCommerce < 1.0.8 - Admin+ Arbitrary File Download
First published: Mon Dec 19 2022(Updated: )
The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to (for example in multisite)
Credit: contact@wpscan.com contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cedcommerce Wholesale Market | <1.0.8 | |
| <1.0.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the Wholesale Market for WooCommerce WordPress plugin?
The vulnerability ID for the Wholesale Market for WooCommerce WordPress plugin is CVE-2022-4108.
What is the title of the vulnerability?
The title of the vulnerability is 'The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used…'
What is the severity of CVE-2022-4108?
The severity of CVE-2022-4108 is medium.
How does CVE-2022-4108 affect the Wholesale Market for WooCommerce WordPress plugin?
CVE-2022-4108 allows high privilege users such as admin to download arbitrary files from the server even when they should not be able to.
How can the Wholesale Market for WooCommerce WordPress plugin be fixed?
To fix CVE-2022-4108, update to version 1.0.8 or later of the plugin.
- agent/type
- agent/title
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- vendor/cedcommerce
- canonical/cedcommerce wholesale market