CVE-2022-2438

2022-09-0618:15:13

CWE-502

[email protected]

web.nvd.nist.gov

wordpress

broken link checker

file deserialization

authenticated attackers

arbitrary php objects

serialized payload

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.7%

JSON

The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the ‘$log_file’ value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.

Affected configurations

Nvd

Node

managewpbroken_link_checkerRange<1.11.17wordpress

VendorProductVersionCPE
managewpbroken_link_checker*cpe:2.3:a:managewp:broken_link_checker:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
managewp	broken_link_checker	*	cpe:2.3:a:managewp:broken_link_checker::::::wordpress::*

References

plugins.trac.wordpress.org/changeset/2757773/broken-link-checker/trunk/core/core.php?old=2605914&old_path=broken-link-checker%2Ftrunk%2Fcore%2Fcore.php

www.wordfence.com/threat-intel/vulnerabilities/id/62fd472e-208b-48db-8f98-3d935c7a678c?source=cve

www.wordfence.com/vulnerability-advisories/#CVE-2022-2438