Lucene search
WPScanCVE-2022-3335HistoryOct 25, 2022 - 5:15 p.m.
CVE-2022-3335
2022-10-2517:15:57
CWE-502
WPScan
web.nvd.nist.gov
42
5
kadence woocommerce
email designer
wordpress
plugin
cve-2022-3335
nvd
security vulnerability
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
42.9%
The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
Affected configurations
Node
kadencewpkadence_woocommerce_email_designerRange<1.5.7wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| kadencewp | kadence_woocommerce_email_designer | * | cpe:2.3:a:kadencewp:kadence_woocommerce_email_designer:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Kadence WooCommerce Email Designer",
"versions": [
{
"version": "1.5.7",
"status": "affected",
"lessThan": "1.5.7",
"versionType": "custom"
}
]
}
]Social References
More
Related
openvas
openvas
patchstack
patchstack
wpexploit
wpexploit
Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection
2022-10-03 00:00:00
cvelist
cvelist
wpvulndb
wpvulndb
Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection
2022-10-03 00:00:00
prion
prion
Design/Logic Flaw
2022-10-25 17:15:00
nvd
nvd
CVE-2022-3335
2022-10-25 17:15:57
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
42.9%
Related for CVE-2022-3335