Vulnerabilities > CVE-2022-4108 - Unspecified vulnerability in Cedcommerce Wholesale Market for Woocommerce 1.0.7

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

cedcommerce

NVD

Published: 2022-12-19

Updated: 2023-11-07

Summary

The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to (for example in multisite)

Vulnerable Configurations

Part	Description	Count
Application	Cedcommerce Cedcommerce Wholesale Market FOR Woocommerce - Cedcommerce Wholesale Market FOR Woocommerce 1.0.7	2

References

https://wpscan.com/vulnerability/9d1770df-91f0-41e3-af0d-522ae4e62470