CVE-2022-4794

AAWP < 3.12.3 - Unsafe URL Handling

CVSS 7.5 HIGHEPSS 0.8%

The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Produtos afetados

Unknown · AAWP

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://wpscan.com/vulnerability/feb4580d-df15-45c8-b59e-ad406e4b064c