CVE-2022-2438

2022-09-0617:18:57

Wordfence

www.cve.org

wordpress

vulnerability

deserialization

untrusted input

administrative privileges

phar wrapper

serialized payload

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.002

Percentile

57.7%

JSON

The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the ‘$log_file’ value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.

CNA Affected

[
  {
    "vendor": "wpmudev",
    "product": "Broken Link Checker",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "1.11.16",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

plugins.trac.wordpress.org/changeset/2757773/broken-link-checker/trunk/core/core.php?old=2605914&old_path=broken-link-checker%2Ftrunk%2Fcore%2Fcore.php

www.wordfence.com/threat-intel/vulnerabilities/id/62fd472e-208b-48db-8f98-3d935c7a678c?source=cve

www.wordfence.com/vulnerability-advisories/#CVE-2022-2438