CVE-2022-4047

CRITICAL

WordPress Return Refund and Exchange for WooCommerce <4.0.9 - PHP File Upload

Title source: manual

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-4047. PoCs published by im-hanzou, entroychang.

AI-analyzed exploit summary This repository contains a bash script that automates the exploitation of CVE-2022-4047, an unauthenticated arbitrary file upload vulnerability in the Return Refund and Exchange For WooCommerce plugin. The script checks for vulnerable versions and uploads a malicious PHP file to exploit the vulnerability.

Description

The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to RCE

Exploits (2)

nomisec WORKING POC 1 stars

by im-hanzou · poc

https://github.com/im-hanzou/WooRefer

View Code ZIP pw:eip

This repository contains a bash script that automates the exploitation of CVE-2022-4047, an unauthenticated arbitrary file upload vulnerability in the Return Refund and Exchange For WooCommerce plugin. The script checks for vulnerable versions and uploads a malicious PHP file to exploit the vulnerability.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Return Refund and Exchange For WooCommerce < 4.0.9

No auth needed

Prerequisites: GNU Parallel installed · List of target URLs

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by entroychang · poc

https://github.com/entroychang/CVE-2022-4047

View Code ZIP pw:eip

This repository contains a Python-based exploit for CVE-2022-4047, an unauthenticated arbitrary file upload vulnerability in the Return Refund and Exchange For WooCommerce plugin. The exploit automates version checking, nonce extraction, and file upload to achieve remote code execution via a malicious PHP file.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Return Refund and Exchange For WooCommerce < 4.0.9

No auth needed

Prerequisites: Target must have the vulnerable plugin installed and accessible · PHP file upload must be allowed by server configuration

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit vdb-entry technical-description

https://wpscan.com/vulnerability/8965a87c-5fe5-4b39-88f3-e00966ca1d94

Scores

CVSS v3 9.8

EPSS 0.7330

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

Status published

Products (1)

wpswings/return_refund_and_exchange_for_woocommerce < 4.0.9

Published Dec 26, 2022

Tracked Since Feb 18, 2026