CVE-2022-4395

Published: Jan 30, 2023Modified: Mar 27, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.

Affected (1)

Products: Wpswings: Membership For Woocommerce

Wpswings

1 product

Membership For Woocommerce

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wpswings Membership For Woocommerce	Before 2.1.7

References (4)

https://wpscan.com/vulnerability/80407ac4-8ce3-4df7-9c41-007b69045c40

Source: contact@wpscan.com

ExploitThird Party Advisory

https://packetstormsecurity.com/files/177934/WordPress-Membership-For-WooCommerce-Shell-Upload.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://wpscan.com/vulnerability/80407ac4-8ce3-4df7-9c41-007b69045c40

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.exploit-db.com/exploits/51959

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.