CVE-2022-1953 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2022-1953?

CVE-2022-1953 is a critical vulnerability in the Product Configurator for WooCommerce WordPress plugin, affecting versions before 1.2.32. This flaw allows unauthenticated users to delete arbitrary files on affected systems, potentially causing significant damage to websites. It is crucial for users to update the plugin to the latest version to protect their websites.

Who is impacted by this?

CVE-2022-1953 affects users of the Product Configurator for WooCommerce WordPress plugin, specifically those using versions before 1.2.32. This vulnerability can lead to arbitrary file deletion, potentially causing significant damage. Users should ensure they are using an updated version of the plugin to mitigate this risk.

What to do if CVE-2022-1953 affected you

If you're affected by the CVE-2022-1953 vulnerability, it's crucial to take immediate action to protect your website. Follow these simple steps:

  1. Update the Product Configurator for WooCommerce plugin to version 1.2.32 or later.

  2. Ensure all other plugins and themes are up to date to minimize potential security risks.
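One way to check step 1 across a site's plugin directory, as an added example that is not part of the original report or the plugin's own code: it reads the standard WordPress plugin header fields (`Plugin Name`, `Version`) and flags any copy of the plugin older than 1.2.32. The folder names in the sample tree are constructed for the example; on a real site, pass the `wp-content/plugins` path to `audit()`.

```python
import os
import re
import tempfile

PLUGIN_NAME = "Product Configurator for WooCommerce"  # name as written in the advisory
FIXED = (1, 2, 32)                                    # first fixed version per the advisory
# WordPress plugin header fields sit in the leading comment of a plugin's PHP file.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def parse_version(text):
    """'1.2.31' -> (1, 2, 31); anything after a hyphen (e.g. '-beta') is ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", text.split("-")[0]))

def read_headers(php_path):
    """Return the header fields found in the first 8 KiB of a PHP file."""
    with open(php_path, "r", encoding="utf-8", errors="replace") as fh:
        return {k.lower(): v for k, v in HEADER_RE.findall(fh.read(8192))}

def audit(plugins_dir):
    """Return [(folder, version, needs_update)] for every copy of the plugin found."""
    findings = []
    for entry in sorted(os.listdir(plugins_dir)):
        folder = os.path.join(plugins_dir, entry)
        if not os.path.isdir(folder):
            continue
        for name in sorted(os.listdir(folder)):
            if name.endswith(".php"):
                h = read_headers(os.path.join(folder, name))
                if h.get("plugin name") == PLUGIN_NAME and "version" in h:
                    findings.append((folder, h["version"], parse_version(h["version"]) < FIXED))
    return findings

def demo():
    """Constructed sample tree; the folder names are made up for the example."""
    header = "<?php\n/**\n * Plugin Name: %s\n * Version: %s\n */\n"
    samples = [("configurator", PLUGIN_NAME, "1.2.31"),
               ("configurator-patched", PLUGIN_NAME, "1.2.32"),
               ("other-plugin", "Some Other Plugin", "0.9")]
    with tempfile.TemporaryDirectory() as root:
        for folder, name, version in samples:
            os.makedirs(os.path.join(root, folder))
            with open(os.path.join(root, folder, "main.php"), "w") as fh:
                fh.write(header % (name, version))
        return [(os.path.basename(p), v, bad) for p, v, bad in audit(root)]

if __name__ == "__main__":
    for folder, version, needs_update in demo():
        print(folder, version, "UPDATE REQUIRED" if needs_update else "ok")
```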

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2022-1953 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. It is an arbitrary file deletion issue in the Product Configurator for WooCommerce WordPress plugin before version 1.2.32. To mitigate this vulnerability, update the plugin to version 1.2.32 or later.

Weakness Enumeration

This vulnerability is classified under CWE-22, Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'.
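To illustrate the control that CWE-22 describes as missing, here is an added example (not the plugin's code, which this report does not show) of a delete helper that resolves the requested path and refuses anything that lands outside the allowed directory. The function name `safe_delete` and the sample tree are assumptions made for the example.

```python
import os
import tempfile

def safe_delete(base_dir, requested_name):
    """Delete requested_name only if it resolves to a regular file inside base_dir.

    Returns True when a file was removed, False when the request was refused.
    """
    if "\0" in requested_name:
        return False
    base = os.path.realpath(base_dir)
    # realpath collapses '..' segments and follows symlinks *before* the check,
    # so the comparison is made on the location that would actually be deleted.
    target = os.path.realpath(os.path.join(base, requested_name))
    if target == base or os.path.commonpath([base, target]) != base:
        return False          # escapes the allowed directory (or is the directory itself)
    if not os.path.isfile(target):
        return False          # missing, or not a regular file
    os.remove(target)
    return True

def demo():
    """Constructed tree: uploads/ is the allowed directory, secret.conf sits outside it."""
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "uploads")
        os.makedirs(uploads)
        secret = os.path.join(root, "secret.conf")
        for path in (os.path.join(uploads, "a.txt"), secret):
            with open(path, "w") as fh:
                fh.write("x")
        os.symlink(secret, os.path.join(uploads, "link"))  # link that points outside
        results = {
            "a.txt": safe_delete(uploads, "a.txt"),
            "../secret.conf": safe_delete(uploads, "../secret.conf"),
            "<absolute path>": safe_delete(uploads, secret),
            "link": safe_delete(uploads, "link"),
            "missing.txt": safe_delete(uploads, "missing.txt"),
        }
        results["secret_survived"] = os.path.exists(secret)
        return results

if __name__ == "__main__":
    for request, outcome in demo().items():
        print(f"{request:18} -> {outcome}")
```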

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.
