CVE-2022-4794

High

7.5/10

Summary

The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

References

Advisory Timeline

Published Jan 30, 2023

CVE-2022-4794

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS