Vulnerability in Membership For Woocommerce

CVE-2022-4395

The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.

EPSS: 0.763 (99.0th percentile)

Affected products

  • Unknown Membership For Woocommerce — versions 0

Frequently asked questions

What is CVE-2022-4395?
CVE-2022-4395 is a vulnerability in Membership For Woocommerce, classified under CWE-434 (Unrestricted Upload of File with Dangerous Type). Published 2023-01-30.
Is CVE-2022-4395 known to be exploited?
5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.