History: Oct 31, 2022 - 4:15 p.m.

CVE-2022-3357

2022-10-31 16:15:11
CWE-502
WPScan
web.nvd.nist.gov
smart slider 3
wordpress
plugin
cve-2022-3357
php object injection
security vulnerability

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.8
Confidence: High

EPSS: 0.001
Percentile: 42.9%

The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the site.

Affected configurations

Nvd
Vulners
Node: nextendweb smart_slider_3, Range <3.5.1.11, wordpress

Vendor: nextendweb
Product: smart_slider_3
Version: *
CPE: cpe:2.3:a:nextendweb:smart_slider_3:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Smart Slider 3",
    "versions": [
      {
        "version": "3.5.1.11",
        "status": "affected",
        "lessThan": "3.5.1.11",
        "versionType": "custom"
      }
    ]
  }
]
