Lucene search
Rasoul JahanshahiPATCHSTACK:3A4825874861DE012D7201480A9F7E21HistoryAug 22, 2022 - 12:00 a.m.
WordPress Ajax Load More plugin <= 5.5.3 - PHAR Deserialization via Cross-Site Request Forgery (CSRF) vulnerability
2022-08-2200:00:00
Rasoul Jahanshahi
patchstack.com
16
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
70.8%
PHAR Deserialization via Cross-Site Request Forgery (CSRF) vulnerability discovered by Rasoul Jahanshahi in WordPress Ajax Load More plugin (versions <= 5.5.3).
Solution
Update the WordPress Ajax Load More plugin to the latest available version (at least 5.5.4).
| CPE | Name | Operator | Version |
|---|---|---|---|
| ajax load more | le | 5.5.3 |
Related
cvelist
cvelist
CVE-2022-2433
2022-09-06 17:18:56
nvd
nvd
CVE-2022-2433
2022-09-06 18:15:13
wpvulndb
wpvulndb
Ajax Load More < 5.5.4 - PHAR Deserialization via CSRF
2022-08-22 00:00:00
cve
cve
CVE-2022-2433
2022-09-06 18:15:13
prion
prion
Deserialization of untrusted data
2022-09-06 18:15:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
70.8%
Related for PATCHSTACK:3A4825874861DE012D7201480A9F7E21