Vulnerabilities > CVE-2022-4794 - Unspecified vulnerability in Getaawp Amazon Affiliate Wordpress Plugin

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
getaawp

Summary

The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies.

Vulnerable Configurations

Part Description Count
Application
Getaawp
1