cve/2022/CVE-2022-4395.md

CVE-2022-4395

Description

The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.

POC

Reference

• https://wpscan.com/vulnerability/80407ac4-8ce3-4df7-9c41-007b69045c40

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/MrG3P5/CVE-2022-4395
• https://github.com/cyllective/CVEs
• https://github.com/nomi-sec/PoC-in-GitHub