Lucene search

K
nvd[email protected]NVD:CVE-2022-3425
HistoryJan 23, 2023 - 3:15 p.m.

CVE-2022-3425

2023-01-2315:15:13
web.nvd.nist.gov
2
analyticator wordpress plugin
v6.5.6
unserialization
user input
high-privilege users
php object injection

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.4%

The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.

Affected configurations

Nvd
Node
sumogoogle_analyticatorRange<6.5.6wordpress
VendorProductVersionCPE
sumogoogle_analyticator*cpe:2.3:a:sumo:google_analyticator:*:*:*:*:*:wordpress:*:*

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.4%