CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4109 – Wholesale Market for WooCommerce < 2.0.0 - Admin+ Arbitrary Log Download
https://notcve.org/view.php?id=CVE-2022-4109
12 Dec 2022 — The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input against path traversal attacks, allowing high privilege users such as admin to download arbitrary logs from the server even when they should not be able to (for example in multisite) El complemento Wholesale Market for WooCommerce de WordPress anterior a 2.0.0 no valida la entrada del usuario contra ataques de recorrido de ruta, lo que permite a usuarios con privilegios elevados, como el administrador, descargar ... • https://wpscan.com/vulnerability/51e023de-189d-4557-9655-23f7ba58b670 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4106 – Wholesale Market for WooCommerce < 1.0.7 - Unauthenticated Arbitrary File Download
https://notcve.org/view.php?id=CVE-2022-4106
28 Nov 2022 — The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server. El complemento de WordPress Wholesale Market para WooCommerce anterior a 1.0.7 no tiene verificación de autorización y tampoco valida la entrada del usuario utilizada para generar la ruta del sistema, lo que permite a atacantes no autenticados descargar archivo... • https://wpscan.com/vulnerability/b60a0d3d-148f-4e9b-baee-7332890804ed • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-552: Files or Directories Accessible to External Parties •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4108 – Wholesale Market for WooCommerce < 1.0.8 - Admin+ Arbitrary File Download
https://notcve.org/view.php?id=CVE-2022-4108
28 Nov 2022 — The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to (for example in multisite) El complemento de WordPress Wholesale Market para WooCommerce anterior a 1.0.8 no valida la entrada del usuario utilizada para generar la ruta del sistema, lo que permite a usuarios con privilegios elevados, como el administrador, desc... • https://wpscan.com/vulnerability/9d1770df-91f0-41e3-af0d-522ae4e62470 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •