Lucene search
K

4 matches found

NVD
NVD
added 2022/10/31 4:15 p.m.16 views

CVE-2022-3360

The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE. To successfully exploit this vulnerability attackers...

8.1CVSS0.01786EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2022/10/31 12:0 a.m.7 views

CVE-2022-3360 LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API

The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE. To successfully exploit this vulnerability attackers...

8.6AI score0.01786EPSS
Exploits2References1
CVE
CVE
added 2022/10/31 12:0 a.m.67 views

CVE-2022-3360

CVE-2022-3360 affects the LearnPress WordPress plugin prior to 4.1.7.2. The issue arises from unserialising user input in an unauthenticated REST API endpoint, enabling PHP Object Injection when a suitable gadget is present and potentially leading to remote code execution (RCE). An attacker must ...

8.1CVSS8.6AI score0.01786EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/10/31 12:0 a.m.20 views

CVE-2022-3360 LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API

The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE. To successfully exploit this vulnerability attackers...

8.8AI score0.01786EPSS
Exploits2References1
Rows per page
Query Builder