Vulnerability in Wholesale Market

CVE-2022-4298

The Wholesale Market WordPress plugin before 2.2.1 does not have an authorisation check and does not validate user input used to generate a system path, allowing unauthenticated attackers to download arbitrary files from the server.

EPSS: 0.557 (98.1st percentile)

Affected products

  • Unknown Wholesale Market — versions 0

Frequently asked questions

What is CVE-2022-4298?
CVE-2022-4298 is a vulnerability in Wholesale Market, classified under CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Published 2023-01-02.
Is CVE-2022-4298 known to be exploited?
One public proof-of-concept repository is indexed. The CVE is not currently listed in the CISA KEV catalog.