## WordPress plugin Wholesale Market ced_cwsm_csv_import_export_module_download_error_log File Read Vulnerability (CVE-2022-4298)

|   **Vulnerability**  | **WordPress plugin Wholesale Market ced_cwsm_csv_import_export_module_download_error_log File Read Vulnerability (CVE-2022-4298)**  |
| :----:   | :-----|
|  **Chinese name**  | WordPress Wholesale Market 插件 ced_cwsm_csv_import_export_module_download_error_log 任意文件读取漏洞（CVE-2022-4298） |
| **CVSS core**  | 9.0 |
| **FOFA Query**  (click to view the results directly)| [body="wp-content/plugins/wholesale-market"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL3dob2xlc2FsZS1tYXJrZXQi) |
| **Number of assets affected**  | 120 |
| **Description**  | The WordPress plugin Wholesale Market is a woocommerce extension plugin that enables your store to create wholesale users and set wholesale prices for products by. The WordPress plugin Wholesale Market version prior to 2.2.1 has a path traversal vulnerability, which is caused by not performing authorization checks and not validating user input. Attackers exploit this vulnerability to download arbitrary files from the server. |
| **Impact** | The WordPress plugin Wholesale Market version prior to 2.2.1 has a path traversal vulnerability, which is caused by not performing authorization checks and not validating user input. Attackers exploit this vulnerability to download arbitrary files from the server. |

![](https://s3.bmp.ovh/imgs/2023/06/21/f9ab68386ba634ba.gif)