Vulnerability in Return Refund and Exchange For WooCommerce

CVE-2022-4047

The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as…

EPSS: 0.733 (98.8th percentile)

Affected products

  • Unknown Return Refund And Exchange For Woocommerce — versions 0

Frequently asked questions

What is CVE-2022-4047?
CVE-2022-4047 is a vulnerability in Return Refund and Exchange For WooCommerce, classified under CWE-434 (Unrestricted Upload of File with Dangerous Type). Published 2022-12-26.

Is CVE-2022-4047 known to be exploited?
5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.