CVE-2022-4107

Published: Dic 19, 2022 Last Modified: Apr 14, 2025 EU-VD ID: EUVD-2022-51476 Aliases: GSD-2022-4107
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none

Description

AI Translation Available

The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0014
Percentile
0,3th
Updated

EPSS Score Trend (Last 91 Days)

Application

Smsa Shipping For Woocommerce by Cedcommerce

Product Information
Vendor Cedcommerce
Product Smsa Shipping For Woocommerce
Version Range Affected
To 1.0.5 (exclusive)
cpe:2.3:a:cedcommerce:smsa_shipping_for_woocommerce:*:*:*:*:*:wordpress:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://wpscan.com/vulnerability/0b432858-722c-4bda-aa95-ad…
Exploit Third Party Advisory
https://wpscan.com/vulnerability/0b432858-722c-4bda-aa95-ad48e2097302
https://wpscan.com/vulnerability/0b432858-722c-4bda-aa95-ad…
Exploit Third Party Advisory
https://wpscan.com/vulnerability/0b432858-722c-4bda-aa95-ad48e2097302