CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-4395

The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.73

EPSS Ranking 98.7%

CVSS Severity

CVSS v3 Score 9.8

References

https://wpscan.com/vulnerability/80407ac4-8ce3-4df7-9c41-007b69045c40
https://packetstormsecurity.com/files/177934/WordPress-Membership-For-WooCommerce-Shell-Upload.html
https://wpscan.com/vulnerability/80407ac4-8ce3-4df7-9c41-007b69045c40
https://www.exploit-db.com/exploits/51959

Products affected by CVE-2022-4395

Wpswings » Membership For Woocommerce » Version: Any

cpe:2.3:a:wpswings:membership_for_woocommerce:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-4395

Products

Pricing

Contact Us