CVE-2022-4794

EUVD-2022-52090
The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Affected Products (NVD)
VendorProductVersion
getaawpamazon_affiliate_wordpress_plugin
𝑥
< 3.12.3
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/feb4580d-df15-45c8-b59e-ad406e4b064c
https://wpscan.com/vulnerability/feb4580d-df15-45c8-b59e-ad406e4b064c