CVE-2022-4680 Revive Old Posts – Social Media Auto Post and Scheduling Plugin < 9.0.11 - PHP Object Injection

2023-01-3020:31:43

WPScan

www.cve.org

revive old posts

wordpress

php object injection

cve-2022-4680

plugin vulnerability

settings

high privilege users

admin

0.001 Low

EPSS

Percentile

36.7%

JSON

The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Revive Old Posts",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "9.0.11"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/f4197386-975d-4e53-8fc9-9425732da9af

0.001 Low

EPSS

Percentile

36.7%

JSON

Related for CVELIST:CVE-2022-4680