Vulnerabilities > CVE-2022-4794 - Unspecified vulnerability in Getaawp Amazon Affiliate Wordpress Plugin

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

getaawp

NVD

Published: 2023-01-30

Updated: 2024-11-21

Summary

The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies.

Vulnerable Configurations

Part	Description	Count
Application	Getaawp Getaawp Amazon Affiliate Wordpress Plugin *	1

References

https://wpscan.com/vulnerability/feb4580d-df15-45c8-b59e-ad406e4b064c
https://wpscan.com/vulnerability/feb4580d-df15-45c8-b59e-ad406e4b064c