{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-4328","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","state":"PUBLISHED","assignerShortName":"WPScan","dateReserved":"2022-12-07T09:32:40.873Z","datePublished":"2023-03-06T13:34:04.469Z","dateUpdated":"2025-03-04T19:24:32.711Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2023-03-06T13:34:04.469Z"},"title":"WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload","problemTypes":[{"descriptions":[{"description":"CWE-434 Unrestricted Upload of File with Dangerous Type","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"WooCommerce Checkout Field Manager","versions":[{"status":"affected","versionType":"custom","version":"0","lessThan":"18.0"}],"defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins"}],"descriptions":[{"lang":"en","value":"The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server"}],"references":[{"url":"https://wpscan.com/vulnerability/4dc72cd2-81d7-4a66-86bd-c9cfaf690eed","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"cydave","type":"finder"},{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T01:34:50.063Z"},"title":"CVE Program Container","references":[{"url":"https://wpscan.com/vulnerability/4dc72cd2-81d7-4a66-86bd-c9cfaf690eed","tags":["exploit","vdb-entry","technical-description","x_transferred"]}]},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":9.8,"attackVector":"NETWORK","baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-03-04T19:22:17.020731Z","id":"CVE-2022-4328","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-04T19:24:32.711Z"}}]}}