CVE-2022-4794

Summary

The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies.

Affected Software

VendorProductVersion RangeStatus
UnknownAAWP0 < 3.12.3affected

Weaknesses

  • CWE-639 Authorization Bypass Through User-Controlled Key

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References