CVE-2022-2437

2022-07-1816:13:40

Wordfence

www.cve.org

wordpress

plugin

vulnerable

phar

deserialization

fts_url

unauthenticated

attack

php objects

serialized payload

file upload

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.005

Percentile

75.6%

JSON

The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the ‘fts_url’ parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.

CNA Affected

[
  {
    "vendor": "slickremix",
    "product": "Feed Them Social – Page, Post, Video, and Photo Galleries",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "2.9.8.5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2754749%40feed-them-social&new=2754749%40feed-them-social&sfp_email=&sfph_mail=

www.wordfence.com/threat-intel/vulnerabilities/id/50bcea94-b12a-4b31-b0c1-bba834ea9bd0?source=cve

www.wordfence.com/vulnerability-advisories/#CVE-2022-2437