7.2
CVE-2022-3335
- EPSS 1.15%
- Veröffentlicht 25.10.2022 17:15:57
- Zuletzt bearbeitet 09.05.2025 19:15:56
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginKadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection
Kadence WooCommerce Email Designer <= 1.5.6 - PHP Object Injection
The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
Mögliche Gegenmaßnahme
Kadence WooCommerce Email Designer: Update to version 1.5.7, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Kadencewp ≫ Kadence Woocommerce Email Designer SwPlatformwordpress Version < 1.5.7
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Kadence WooCommerce Email Designer
Version
*-1.5.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.15% | 0.627 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
https://wpscan.com/vulnerability/39514705-c887-4a02-a77b-36e1dcca8f5d
https://www.wordfence.com/threat-intel/vulnerabilities/id/9ea42fbc-ec08-4f67-90d0-506fc474a4a6