PT-2023-14186 · WordPress · Woocommerce Checkout Field Manager

Cydave

Publicado

2023-03-06

Atualizado

2025-03-04

CVE-2022-4328

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WooCommerce Checkout Field Manager WordPress plugin versions prior to 18.0

Description The issue allows unauthenticated attackers to upload arbitrary files, such as PHP files, to the server due to a lack of file validation for uploads. This could potentially lead to server compromise.

Recommendations For versions prior to 18.0, update to version 18.0 or later to resolve the issue. As a temporary workaround, consider disabling file upload functionality until a patch is available. Restrict access to sensitive server areas to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2022-4328

Produtos afetados

Woocommerce Checkout Field Manager

PT-2023-14186 · WordPress · Woocommerce Checkout Field Manager

CVE-2022-4328

Identificadores relacionados

Produtos afetados

Referências · 6