WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload
CVE-2022-4328
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 6 March 2023
Badges
What is CVE-2022-4328?
The WooCommerce Checkout Field Manager plugin for WordPress, prior to version 18.0, has a critical flaw that lacks proper validation for uploaded files. This weakness permits unauthenticated attackers to potentially upload arbitrary files, such as PHP scripts, to the server, leading to possible further exploitation of the site. Website administrators using older versions of this plugin are strongly advised to update immediately to mitigate this risk.
Affected Version(s)
WooCommerce Checkout Field Manager 0 < 18.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
82% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved