CVE-2022-4794

Name of the Vulnerable Software and Affected Versions AAWP WordPress plugin versions prior to 3.12.3

Description The issue allows the AAWP WordPress plugin to be used for abusing trusted domains, enabling the loading of malware or other files through it, which is known as Reflected File Download. This can be exploited to bypass firewall rules in companies.

Recommendations For versions prior to 3.12.3, update to version 3.12.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.