Dec 26, 2022 - 12:28 p.m.

CVE-2022-4120 Stop Spammers Security < 2022.6 - Unauthenticated PHP Object Injection

2022-12-26 12:28:19
WPScan
www.cve.org
cve-2022-4120; stop spammers security; unauthenticated php object injection; base64 encoded input; captcha challenge; plugin vulnerability; gadget chain.

AI Score: 9.8 High (Confidence: High)

EPSS: 0.003 Low (Percentile: 65.4%)

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6 passes base64-encoded user input to the PHP unserialize() function when CAPTCHAs are used as a second challenge, which could lead to PHP Object Injection if a plugin installed on the blog has a suitable gadget chain.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Stop Spammers Security | Block Spam Users, Comments, Forms",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "2022.6"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
