CVE-2022-3366
Summary
| CVE | CVE-2022-3366 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-10-31 16:15:00 UTC |
| Updated | 2022-11-01 13:54:00 UTC |
| Description | The PublishPress Capabilities WordPress plugin before 2.5.2 and the PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserialize the content of imported files, which could lead to PHP object injection attacks by administrators on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site. |
Risk And Classification
Problem Types: CWE-502
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Publishpress | Capabilities | All | All | All | All |
| Application | Publishpress | Capabilities | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| PublishPress Capabilities < 2.5.2 - Admin+ PHP Objection Injection WordPress Security Vulnerability | CONFIRM | wpscan.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Nguyen Pham Viet Nam
There are currently no legacy QID mappings associated with this CVE.