CVE-2022-4794

The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
getaawpamazon_affiliate_wordpress_plugin
𝑥
< 3.12.3
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/feb4580d-df15-45c8-b59e-ad406e4b064c
https://wpscan.com/vulnerability/feb4580d-df15-45c8-b59e-ad406e4b064c