The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-12-19T13:41:50.942Z
Updated: 2024-08-03T01:27:54.544Z
Reserved: 2022-11-21T22:51:09.906Z
Link: CVE-2022-4106
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-12-19T14:15:12.187
Modified: 2023-11-07T03:56:56.467
Link: CVE-2022-4106
Redhat
No data.