exploitDog

CVE-2022-3366

Опубликовано: 31 окт. 2022

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site.

Ссылки

https://wpscan.com/vulnerability/72639924-e7a7-4f7d-bd50-015d05ffd4fb
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/72639924-e7a7-4f7d-bd50-015d05ffd4fb
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:publishpress:capabilities:*:*:*:*:-:wordpress:*:*

Версия до 2.5.2 (исключая)

cpe:2.3:a:publishpress:capabilities:*:*:*:*:pro:wordpress:*:*

Версия до 2.5.2 (исключая)

EPSS

Процентиль: 75%

0.00855

Низкий

7.2 High

CVSS3

Дефекты

CWE-502

Связанные уязвимости

GHSA-x27x-7595-v3m5

CVSS3: 7.2

github

больше 3 лет назад

The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site.

EPSS

Процентиль: 75%

0.00855

Низкий

7.2 High

CVSS3

Дефекты

CWE-502