cvelist | WPScan | CVELIST:CVE-2022-3366
History: Oct 31, 2022 - 12:00 a.m.

CVE-2022-3366 PublishPress Capabilities < 2.5.2 - Admin+ PHP Object Injection

2022-10-31 00:00:00
CWE-502
WPScan
www.cve.org
php object injection
publishpress capabilities
wordpress plugin
cve-2022-3366
admin+
multisite configuration
gadget chain

EPSS: 0.001
Percentile: 42.9%

The PublishPress Capabilities WordPress plugin before 2.5.2 and the PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserialize the content of imported files, which could lead to PHP object injection attacks by administrators on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "PublishPress Capabilities – User Role Access, Editor Permissions, Admin Menus",
    "versions": [
      {
        "version": "2.5.2",
        "status": "affected",
        "lessThan": "2.5.2",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Unknown",
    "product": "PublishPress Capabilities Pro",
    "versions": [
      {
        "version": "2.5.2",
        "status": "affected",
        "lessThan": "2.5.2",
        "versionType": "custom"
      }
    ]
  }
]
