Vulnerabilities > CVE-2022-4109 - Unspecified vulnerability in Cedcommerce Wholesale Market for Woocommerce 1.0.7/1.0.8

047910
CVSS 2.7 - LOW
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
cedcommerce

Summary

The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input against path traversal attacks, allowing high privilege users such as admin to download arbitrary logs from the server even when they should not be able to (for example in multisite)