Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Membership For WooCommerce by Unknown
CVE-2022-4395 (GCVE-0-2022-4395)
Vulnerability from nvd – Published: 2023-01-30 20:31 – Updated: 2025-03-27 19:55
VLAI
Title
Membership For WooCommerce < 2.1.7 - Unauthenticated Arbitrary File Upload
Summary
The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/80407ac4-8ce3-4d… | exploitvdb-entrytechnical-description |
| https://packetstormsecurity.com/files/177934/Word… | |
| https://www.exploit-db.com/exploits/51959 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Membership For WooCommerce |
Affected:
0 , < 2.1.7
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-12-02T19:07:18.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://packetstormsecurity.com/files/177934/WordPress-Membership-For-WooCommerce-Shell-Upload.html"
},
{
"url": "https://www.exploit-db.com/exploits/51959"
},
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/80407ac4-8ce3-4df7-9c41-007b69045c40"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-4395",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T19:55:41.516334Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T19:55:55.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Membership For WooCommerce",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "cydave"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-30T20:31:42.219Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/80407ac4-8ce3-4df7-9c41-007b69045c40"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Membership For WooCommerce \u003c 2.1.7 - Unauthenticated Arbitrary File Upload",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-4395",
"datePublished": "2023-01-30T20:31:42.219Z",
"dateReserved": "2022-12-10T01:03:42.456Z",
"dateUpdated": "2025-03-27T19:55:55.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4395 (GCVE-0-2022-4395)
Vulnerability from cvelistv5 – Published: 2023-01-30 20:31 – Updated: 2025-03-27 19:55
VLAI
Title
Membership For WooCommerce < 2.1.7 - Unauthenticated Arbitrary File Upload
Summary
The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/80407ac4-8ce3-4d… | exploitvdb-entrytechnical-description |
| https://packetstormsecurity.com/files/177934/Word… | |
| https://www.exploit-db.com/exploits/51959 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Membership For WooCommerce |
Affected:
0 , < 2.1.7
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-12-02T19:07:18.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://packetstormsecurity.com/files/177934/WordPress-Membership-For-WooCommerce-Shell-Upload.html"
},
{
"url": "https://www.exploit-db.com/exploits/51959"
},
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/80407ac4-8ce3-4df7-9c41-007b69045c40"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-4395",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T19:55:41.516334Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T19:55:55.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Membership For WooCommerce",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "cydave"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-30T20:31:42.219Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/80407ac4-8ce3-4df7-9c41-007b69045c40"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Membership For WooCommerce \u003c 2.1.7 - Unauthenticated Arbitrary File Upload",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-4395",
"datePublished": "2023-01-30T20:31:42.219Z",
"dateReserved": "2022-12-10T01:03:42.456Z",
"dateUpdated": "2025-03-27T19:55:55.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}