What is CVE-2022-4328?

CVE-2022-4328 is a vulnerability in Woocommerce Checkout Field Manager, classified under CWE-434 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE. Published 2023-03-06.

Is CVE-2022-4328 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Woocommerce Checkout Field Manager

CVE-2022-4328

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server

EPSS: 0.693 (98.7th percentile) — read the EPSS interpretation.

Affected products

Unknown Woocommerce Checkout Field Manager — versions 0

Public proof-of-concept exploits

20142995/nuclei-templates
cyllective/CVEs

References

wpscan.com/vulnerability/4dc72cd2-81d7-4a66-86bd-c9cfaf690eed (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2022-4328?: CVE-2022-4328 is a vulnerability in Woocommerce Checkout Field Manager, classified under CWE-434 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE. Published 2023-03-06.
Is CVE-2022-4328 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.