CVE-2022-4298: Wholesale Market < 2.2.1 - Unauthenticated Arbitrary File Download
First published: Mon Jan 02 2023(Updated: )
The Wholesale Market WordPress plugin before 2.2.1 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server.
Credit: contact@wpscan.com contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cedcommerce Wholesale Market | <2.2.1 | |
| <2.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-4298?
CVE-2022-4298 is a vulnerability in the Wholesale Market WordPress plugin before version 2.2.1 that allows unauthenticated attackers to download arbitrary files from the server.
How severe is CVE-2022-4298?
CVE-2022-4298 has a severity score of 9.8, which is classified as critical.
What software versions are affected by CVE-2022-4298?
CVE-2022-4298 affects versions up to (but not including) version 2.2.1 of the Cedcommerce Wholesale Market WordPress plugin.
How can I mitigate CVE-2022-4298?
To mitigate CVE-2022-4298, it is recommended to update the Wholesale Market WordPress plugin to version 2.2.1 or above.
Where can I find more information about CVE-2022-4298?
More information about CVE-2022-4298 can be found at the following reference link: https://wpscan.com/vulnerability/7485ad23-6ea4-4018-88b1-174312a0a478
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/tags
- agent/source
- vendor/cedcommerce
- canonical/cedcommerce wholesale market