CVE-2022-4047

Published: Dec 26, 2022Modified: Apr 14, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to RCE

Affected (1)

Products: Wpswings: Return Refund And Exchange For Woocommerce

Wpswings

1 product

Return Refund And Exchange For Woocommerce

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wpswings Return Refund And Exchange For Woocommerce	Before 4.0.9

References (2)

https://wpscan.com/vulnerability/8965a87c-5fe5-4b39-88f3-e00966ca1d94

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/8965a87c-5fe5-4b39-88f3-e00966ca1d94

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.