The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to RCE
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/8965a87c-5fe5-4b39-88f3-e00966ca1d94 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-12-26T12:28:13.684Z
Updated: 2023-01-10T09:11:12.736Z
Reserved: 2022-11-17T09:15:15.850Z
Link: CVE-2022-4047
JSON object: View
NVD Information
Status : Modified
Published: 2022-12-26T13:15:12.250
Modified: 2023-11-07T03:56:47.947
Link: CVE-2022-4047
JSON object: View
Redhat Information
No data.
CWE
No CWE.