exploitDog

CVE-2022-3679

Опубликовано: 09 янв. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.

Ссылки

https://wpscan.com/vulnerability/ec4b9bf7-71d6-4528-9dd1-cc7779624760
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/ec4b9bf7-71d6-4528-9dd1-cc7779624760
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kadencewp:starter_templates:*:*:*:*:*:wordpress:*:*

Версия до 1.2.17 (включая)

EPSS

Процентиль: 70%

0.00645

Низкий

8.8 High

CVSS3

Дефекты

Связанные уязвимости

GHSA-9w36-mccq-ph2c

CVSS3: 8.8

github

около 3 лет назад

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.

EPSS

Процентиль: 70%

0.00645

Низкий

8.8 High

CVSS3

Дефекты