1.0.8

CVSS 2.7 - LOW

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

cedcommerce

NVD

Published: 2023-01-02

Updated: 2023-11-07

Summary

The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input against path traversal attacks, allowing high privilege users such as admin to download arbitrary logs from the server even when they should not be able to (for example in multisite)

Vulnerable Configurations

Part	Description	Count
Application	Cedcommerce Cedcommerce Wholesale Market FOR Woocommerce - Cedcommerce Wholesale Market FOR Woocommerce 1.0.7 Cedcommerce Wholesale Market FOR Woocommerce 1.0.8	3

References

https://wpscan.com/vulnerability/51e023de-189d-4557-9655-23f7ba58b670