mirror of
https://github.com/gobysec/GobyVuls.git
synced 2025-05-29 01:30:41 +00:00
13 lines
1.5 KiB
Markdown
13 lines
1.5 KiB
Markdown
## WordPress plugin Wholesale Market ced_cwsm_csv_import_export_module_download_error_log File Read Vulnerability (CVE-2022-4298)
|
||
|
||
| **Vulnerability** | **WordPress plugin Wholesale Market ced_cwsm_csv_import_export_module_download_error_log File Read Vulnerability (CVE-2022-4298)** |
|
||
| :----: | :-----|
|
||
| **Chinese name** | WordPress Wholesale Market 插件 ced_cwsm_csv_import_export_module_download_error_log 任意文件读取漏洞(CVE-2022-4298) |
|
||
| **CVSS core** | 9.0 |
|
||
| **FOFA Query** (click to view the results directly)| [body="wp-content/plugins/wholesale-market"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL3dob2xlc2FsZS1tYXJrZXQi) |
|
||
| **Number of assets affected** | 120 |
|
||
| **Description** | The WordPress plugin Wholesale Market is a woocommerce extension plugin that enables your store to create wholesale users and set wholesale prices for products by. The WordPress plugin Wholesale Market version prior to 2.2.1 has a path traversal vulnerability, which is caused by not performing authorization checks and not validating user input. Attackers exploit this vulnerability to download arbitrary files from the server. |
|
||
| **Impact** | The WordPress plugin Wholesale Market version prior to 2.2.1 has a path traversal vulnerability, which is caused by not performing authorization checks and not validating user input. Attackers exploit this vulnerability to download arbitrary files from the server. |
|
||
|
||
|