{"api_version":"1","generated_at":"2026-04-23T02:24:46+00:00","cve":"CVE-2022-4106","urls":{"html":"https://cve.report/CVE-2022-4106","api":"https://cve.report/api/cve/CVE-2022-4106.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-4106","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-4106"},"summary":{"title":"CVE-2022-4106","description":"The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have an authorisation check and does not validate user input used to generate a system path, allowing unauthenticated attackers to download arbitrary files from the server.","state":"PUBLIC","assigner":"contact@wpscan.com","published_at":"2022-12-19 14:15:00","updated_at":"2023-11-07 03:56:00"},"problem_types":["CWE-552"],"metrics":[],"references":[{"url":"https://wpscan.com/vulnerability/b60a0d3d-148f-4e9b-baee-7332890804ed","name":"https://wpscan.com/vulnerability/b60a0d3d-148f-4e9b-baee-7332890804ed","refsource":"MISC","tags":[],"title":"Wholesale Market for WooCommerce < 1.0.7 - Unauthenticated Arbitrary File Download WordPress Security Vulnerability","mime":"text/html","httpstatus":"403","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-4106","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4106","name":"NVD vulnerability 
detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"4106","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cedcommerce","cpe5":"wholesale_market_for_woocommerce","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-4106","ASSIGNER":"contact@wpscan.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-552 Files or Directories Accessible to External Parties"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Unknown","product":{"product_data":[{"product_name":"Wholesale Market for WooCommerce","version":{"version_data":[{"version_value":"0","version_affected":"="}]}}]}}]}},"references":{"reference_data":[{"url":"https://wpscan.com/vulnerability/b60a0d3d-148f-4e9b-baee-7332890804ed","refsource":"MISC","name":"https://wpscan.com/vulnerability/b60a0d3d-148f-4e9b-baee-7332890804ed"}]},"generator":{"engine":"WPScan CVE Generator"},"source":{"discovery":"EXTERNAL"},"credits":[{"lang":"en","value":"WPScan"}]},"nvd":{"publishedDate":"2022-12-19 14:15:00","lastModifiedDate":"2023-11-07 
03:56:00","problem_types":["CWE-552"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cedcommerce:wholesale_market_for_woocommerce:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"1.0.7","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}