NVD:CVE-2022-3679
History: Jan 09, 2023 - 11:15 p.m.

CVE-2022-3679

2023-01-09 23:15:26
web.nvd.nist.gov
starter templates
kadence wp
wordpress plugin
php object injection
unserialisation
imported files
security issues

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.9
Confidence: High

EPSS: 0.002
Percentile: 61.6%

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.

Affected configurations

Nvd

Node: kadencewp | starter_templates | Range: 1.2.17 | wordpress

Vendor | Product | Version | CPE
kadencewp | starter_templates | * | cpe:2.3:a:kadencewp:starter_templates:*:*:*:*:*:wordpress:*:*
