CVE-2022-4107

Published: Dec 19, 2022Modified: Apr 14, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server

Affected (1)

Products: Cedcommerce: Smsa Shipping For Woocommerce

Cedcommerce

1 product

Smsa Shipping For Woocommerce

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cedcommerce Smsa Shipping For Woocommerce	Before 1.0.5

References (2)

https://wpscan.com/vulnerability/0b432858-722c-4bda-aa95-ad48e2097302

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/0b432858-722c-4bda-aa95-ad48e2097302

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.