CVE-2022-4328

Published: Mar 6, 2023Modified: Mar 4, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server

Affected (1)

Products: Najeebmedia: Woocommerce Checkout Field Manager

Najeebmedia

1 product

Woocommerce Checkout Field Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Najeebmedia Woocommerce Checkout Field Manager	Before 18.0

References (2)

https://wpscan.com/vulnerability/4dc72cd2-81d7-4a66-86bd-c9cfaf690eed

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/4dc72cd2-81d7-4a66-86bd-c9cfaf690eed

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.