Faculty of Engineering, Ferdowsi University of Mashhad, Mashhad, Khorasan Razavi, Iran

high level vulnerability in wordpress

CVE-2022-4043

Description

The WP Custom Admin Interface WordPress plugin before 7.29 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.

Base Score: 7.2 HIGH

https://wpscan.com/vulnerability/ffff8c83-0a59-450a-9b40-c7f3af7205fc

__________________________________

CVE-2022-3679

Description

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.

Base Score: 8.8 HIGH

https://wpscan.com/vulnerability/ec4b9bf7-71d6-4528-9dd1-cc7779624760

________________________________

CVE-2022-3417

Description

The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injection issues when a user imports (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog.

Base Score: 8.8 HIGH

https://wpscan.com/vulnerability/55772932-eebd-475b-b5df-e80fab288ee5

___________________________________

CVE-2022-3416

Description

The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high-privilege users such as admin to upload arbitrary files to the server even when they should not be allowed to (for example, in a multisite setup).

Base Score: 7.2 HIGH

https://wpscan.com/vulnerability/f927dbe0-3939-4882-a469-1309ac737ee6


© All rights reserved to APA Specialized Center of Ferdowsi University of Mashhad