Lucene search

K
wpvulndbWpvulndbWPVDB-ID:D33B4230-81F2-436F-A1E5-2C9984CDED19
HistoryAug 22, 2022 - 12:00 a.m.

Ajax Load More < 5.5.4 - PHAR Deserialization via CSRF

2022-08-2200:00:00
wpscan.com
10

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

70.8%

The plugin does not validate user input before using it to generate a path, allowing attacker to fully control it and use any wrapper, such as PHAR which could lead to deserialisation if they can trick an admin to open a malicious link and a suitable gadget chain is present

CPENameOperatorVersion
ajax-load-morelt5.5.4

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

70.8%

Related for WPVDB-ID:D33B4230-81F2-436F-A1E5-2C9984CDED19