China National Vulnerability Database: CNVD-2022-87014
Nov 23, 2022 - 12:00 a.m.

WordPress Plugin Betheme theme plugin deserialization vulnerability

www.cnvd.org.cn

EPSS: 0.002 (percentile: 61.3%)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language, and Betheme is a theme for it. The WordPress Betheme theme plugin, version 26.5.1.4 and earlier, contains a deserialization vulnerability: the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions deserialize untrusted input passed in the import, mfn-items-import-page, and mfn-items-import parameters. An attacker could exploit the vulnerability to execute code, retrieve sensitive data, delete files, and more.
