CVE-2022-4109: Wholesale Market for WooCommerce < 2.0.0 - Admin+ Arbitrary Log Download
First published: Mon Jan 02 2023(Updated: )
The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input against path traversal attacks, allowing high privilege users such as admin to download arbitrary logs from the server even when they should not be able to (for example in multisite)
Credit: contact@wpscan.com contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cedcommerce Wholesale Market | <2.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-4109.
What is the severity of CVE-2022-4109?
The severity of CVE-2022-4109 is low, with a severity value of 2.7.
What is affected by CVE-2022-4109?
The Wholesale Market for WooCommerce WordPress plugin before version 2.0.0 is affected by CVE-2022-4109.
What is the impact of CVE-2022-4109?
CVE-2022-4109 allows high privilege users, such as admin, to download arbitrary logs from the server even when they should not be able to.
How can I fix CVE-2022-4109?
To fix CVE-2022-4109, update to version 2.0.0 or later of the Wholesale Market for WooCommerce WordPress plugin.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- vendor/cedcommerce
- canonical/cedcommerce wholesale market