exploitDog

CVE-2022-3334

Опубликовано: 31 окт. 2022

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to PHP object injection issue when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.

Ссылки

https://wpscan.com/vulnerability/0e735502-eaa2-4047-949e-bc8eb6b39fc9
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/0e735502-eaa2-4047-949e-bc8eb6b39fc9
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wp-ecommerce:easy_wp_smtp:*:*:*:*:*:wordpress:*:*

Версия до 1.5.0 (исключая)

EPSS

Процентиль: 75%

0.00855

Низкий

7.2 High

CVSS3

Дефекты

CWE-502

Связанные уязвимости

GHSA-c9vr-62wv-7xw6

CVSS3: 7.2

github

больше 3 лет назад

The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to PHP object injection issue when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.

EPSS

Процентиль: 75%

0.00855

Низкий

7.2 High

CVSS3

Дефекты

CWE-502