CVE-2022-4109

Low CVSS 2.7

Overview

The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input against path traversal attacks, allowing high privilege users such as admin to download arbitrary logs from the server even when they should not be able to (for example in multisite)

CWE: N/A Published: 2023-01-02T22:15:16.077

Risk analysis

This vulnerability is rated 🟢 LOW.

CVSS: 2.7 (LOW)
Detected tags: none (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags