CVE-2022-4794

The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
WPScanCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
getaawpamazon_affiliate_wordpress_plugin
𝑥
< 3.12.3
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/feb4580d-df15-45c8-b59e-ad406e4b064c
https://wpscan.com/vulnerability/feb4580d-df15-45c8-b59e-ad406e4b064c