CVSSv3: 9.8

CVE-2022-4047

Published: 26/12/2022 Updated: 07/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

The Return Refund and Exchange For WooCommerce WordPress plugin prior to 4.0.9 does not validate attachment files uploaded via an AJAX action that is available to unauthenticated users, which could allow them to upload arbitrary files such as PHP scripts and lead to remote code execution (RCE).

Vulnerable Product

wpswings return refund and exchange for woocommerce

Github Repositories

Automatic mass tool for checking and exploiting the vulnerability in CVE-2022-4047 - Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload

WooRefer | CVE-2022-4047 - Return Refund and Exchange For WooCommerce. Automatic mass tool for checking and exploiting the vulnerability in CVE-2022-4047 - Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload (Mass PHP File Upload) using GNU Parallel. You must have parallel installed to run this tool. If you get an error like "$'\r':

CVE-2022-4047 poc

CVE-2022-4047 Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload