7.2
CVE-2022-3334
- EPSS 0.86%
- Veröffentlicht 31.10.2022 16:15:11
- Zuletzt bearbeitet 06.05.2025 16:15:25
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginEasy WP SMTP <= 1.4.9 - Authenticated (Administrator+) PHP Object Injection
The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to PHP object injection issue when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
Mögliche Gegenmaßnahme
Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more: Update to version 1.5.0, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more
Version
*-1.4.9
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wp-ecommerce ≫ Easy Wp Smtp SwPlatformwordpress Version < 1.5.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.86% | 0.745 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.