CVE-2022-4108

Name of the Vulnerable Software and Affected Versions The Wholesale Market for WooCommerce WordPress plugin version 1.0.7 and earlier

Description The issue allows high privilege users, such as admin, to download arbitrary files from the server, even when they should not be able to, for example in multisite environments. This is due to the plugin not validating user input used to generate system paths.

Recommendations For versions prior to 1.0.8, update to version 1.0.8 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories on the server to minimize the risk of exploitation.