Lucene search

[email protected]NVD:CVE-2023-1347

HistoryMay 08, 2023 - 2:15 p.m.

CVE-2023-1347

2023-05-0814:15:12

[email protected]

web.nvd.nist.gov

customizer export/import

wordpress

plugin

vulnerability

high privilege

php object injection

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

33.2%

JSON

The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present

Affected configurations

Nvd

Node

fastlinemediacustomizer_export\/importRange<0.9.6wordpress

VendorProductVersionCPE
fastlinemediacustomizer_export\/import*cpe:2.3:a:fastlinemedia:customizer_export\/import:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
fastlinemedia	customizer_export\/import	*	cpe:2.3:a:fastlinemedia:customizer_export\/import::::::wordpress::*

References

wpscan.com/vulnerability/356a5977-c90c-4fc6-98ed-032d5b27f272

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

33.2%

JSON

Related for NVD:CVE-2023-1347

prion1 cve1 openvas1 cvelist1 wordfence1