Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2022-4120
HistoryDec 26, 2022 - 1:15 p.m.

Code injection

2022-12-2613:15:00
PRIOn knowledge base
www.prio-n.com
4
code injection
plugin vulnerability
base64 encoding
unserialize function
captcha bypass
gadget chain
nvd

9.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.4%

JSON

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6 passes base64 encoded user input to the unserialize() PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain

CPENameOperatorVersion
stop_spammerslt2022.6

Related

nvd 1
cvelist 1
wpvulndb 1
cve 1
wpexploit 1
nvd
nvd
CVE-2022-4120
2022-12-26 13:15:12
cvelist
cvelist
CVE-2022-4120 Stop Spammers Security < 2022.6 - Unauthenticated PHP Object Injection
2022-12-26 12:28:19
wpvulndb
wpvulndb
Stop Spammers Security < 2022.6 - Unauthenticated PHP Object Injection
2022-12-05 00:00:00
cve
cve
CVE-2022-4120
2022-12-26 13:15:12
wpexploit
wpexploit
Stop Spammers Security < 2022.6 - Unauthenticated PHP Object Injection
2022-12-05 00:00:00

9.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.4%

JSON
Related for PRION:CVE-2022-4120
nvd1cvelist1wpvulndb1cve1wpexploit1