CVE-2022-4395
Published: 30 January 2023
Summary
CVE-2022-4395 is a critical-severity vulnerability (weakness type unspecified) in the WP Swings Membership For WooCommerce WordPress plugin. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 1.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
The Membership For WooCommerce WordPress plugin before version 2.1.7 contains an unauthenticated file-upload flaw that permits arbitrary files, including malicious PHP payloads, to be stored and executed on the server. The affected component is the membership-management extension for WooCommerce sites, which fails to enforce any server-side validation or type restrictions on user-supplied uploads.
An unauthenticated attacker can therefore send a crafted HTTP request containing a web shell or other executable file, place it in a web-accessible directory, and invoke it to obtain remote code execution with the privileges of the web server process. The vulnerability carries a CVSS 3.1 score of 9.8, reflecting network attack vector, no required credentials, and full confidentiality, integrity, and availability impact.
Publicly available references, including WPScan, Exploit-DB, and PacketStorm, document working proof-of-concept exploits and recommend immediate upgrade to 2.1.7 or later as the primary mitigation. The CVE’s EPSS score has remained elevated, with a recorded peak of 0.7740 and a current value of 0.7628, indicating sustained exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-51744
Vulnerability details
The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.
- CWE(s): unspecified
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.