What is CVE-2022-0656?

CVE-2022-0656 is a vulnerability in Web To Print Shop : Udraw, classified under Files or Directories Accessible to External Parties. Published 2022-04-25.

Is CVE-2022-0656 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Web To Print Shop : Udraw

CVE-2022-0656

The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_cont…

EPSS: 0.682 (98.6th percentile) — read the EPSS interpretation.

Affected products

Unknown Web To Print Shop : Udraw — versions 3.3.3

Weakness classification (CWE)

CWE-552 — Files or Directories Accessible to External Parties

Public proof-of-concept exploits

References

wpscan.com/vulnerability/925c4c28-ae94-4684-a365-5f1e34e6c151 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-0656?: CVE-2022-0656 is a vulnerability in Web To Print Shop : Udraw, classified under Files or Directories Accessible to External Parties. Published 2022-04-25.
Is CVE-2022-0656 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.