CVE-2022-4107

Name of the Vulnerable Software and Affected Versions SMSA Shipping for WooCommerce WordPress plugin versions prior to 1.0.5

Description The issue allows any authenticated users, such as subscribers, to download arbitrary files from the server due to a lack of authorization, proper CSRF checks, and file validation.

Recommendations For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories on the server to minimize the risk of exploitation.