CVE-2022-3366

Sažetak

The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site.

Reference

https://wpscan.com/vulnerability/72639924-e7a7-4f7d-bd50-015d05ffd4fb
https://wpscan.com/vulnerability/72639924-e7a7-4f7d-bd50-015d05ffd4fb

CVSS

Base:	7.2
Impact:	5.9
Exploitability:	1.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

06-05-2025 - 21:15

Objavljeno

31-10-2022 - 16:15