CVE-2022-4043 WP Custom Admin Interface < 7.29 - Admin+ PHP Object Injection

2023-01-0922:13:30

WPScan

www.cve.org

cve-2022-4043

wordpress

admin+ php object injection

unserialize user input

high privilege users

php object injection

0.001 Low

EPSS

Percentile

36.8%

JSON

The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WP Custom Admin Interface",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "7.29"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/ffff8c83-0a59-450a-9b40-c7f3af7205fc

0.001 Low

EPSS

Percentile

36.8%

JSON

Related for CVELIST:CVE-2022-4043