Vulnerabilities > CVE-2022-4047 - Unspecified vulnerability in Wpswings Return Refund and Exchange for Woocommerce

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

wpswings

critical

NVD

Published: 2022-12-26

Updated: 2023-11-07

Summary

The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to RCE

Vulnerable Configurations

Part	Description	Count
Application	Wpswings Wpswings Return Refund AND Exchange FOR Woocommerce - Wpswings Return Refund AND Exchange FOR Woocommerce 1.0.0 Wpswings Return Refund AND Exchange FOR Woocommerce 1.0.7 Wpswings Return Refund AND Exchange FOR Woocommerce 1.0.8 Wpswings Return Refund AND Exchange FOR Woocommerce 2.0.0 Wpswings Return Refund AND Exchange FOR Woocommerce 2.1.0 Wpswings Return Refund AND Exchange FOR Woocommerce 2.1.1 Wpswings Return Refund AND Exchange FOR Woocommerce 2.1.2 Wpswings Return Refund AND Exchange FOR Woocommerce 3.0.0 Wpswings Return Refund AND Exchange FOR Woocommerce 3.0.1 Wpswings Return Refund AND Exchange FOR Woocommerce 3.0.2 Wpswings Return Refund AND Exchange FOR Woocommerce 3.0.3 Wpswings Return Refund AND Exchange FOR Woocommerce 3.0.4 Wpswings Return Refund AND Exchange FOR Woocommerce 3.1.0 Wpswings Return Refund AND Exchange FOR Woocommerce 3.1.1 Wpswings Return Refund AND Exchange FOR Woocommerce 3.1.2 Wpswings Return Refund AND Exchange FOR Woocommerce 3.1.3 Wpswings Return Refund AND Exchange FOR Woocommerce 3.1.4 Wpswings Return Refund AND Exchange FOR Woocommerce 4.0.0 Wpswings Return Refund AND Exchange FOR Woocommerce 4.0.1 Wpswings Return Refund AND Exchange FOR Woocommerce 4.0.2 Wpswings Return Refund AND Exchange FOR Woocommerce 4.0.3 Wpswings Return Refund AND Exchange FOR Woocommerce 4.0.4 Wpswings Return Refund AND Exchange FOR Woocommerce 4.0.5 Wpswings Return Refund AND Exchange FOR Woocommerce 4.0.6 Wpswings Return Refund AND Exchange FOR Woocommerce 4.0.7 Wpswings Return Refund AND Exchange FOR Woocommerce 4.0.8	27

References

https://wpscan.com/vulnerability/8965a87c-5fe5-4b39-88f3-e00966ca1d94