CVE-2022-4328

CRITICAL EXPLOITED NUCLEI

WooCommerce Checkout Field Manager <18.0 - Code Injection

Title source: llm

Description

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server

Nuclei Templates (1)

WooCommerce Checkout Field Manager < 18.0 - Arbitrary File Upload

CRITICALVERIFIEDby theamanrawat

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/4dc72cd2-81d7-4a66-86bd-c9cfaf690eed

Scores

CVSS v3 9.8

EPSS 0.8025

EPSS Percentile 99.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-01-22

Status published

Products (1)

najeebmedia/woocommerce_checkout_field_manager < 18.0

Published Mar 06, 2023

Tracked Since Feb 18, 2026