7.2
CVE-2022-3490
- EPSS 1.14%
- Veröffentlicht 28.11.2022 14:15:12
- Zuletzt bearbeitet 25.04.2025 16:15:22
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginCheckout Field Editor for WooCommerce < 1.8.0 - Admin+ PHP Object Injection
Checkout Field Editor <= 1.7.2 - Authenticated (Admin+) PHP Object Injection
The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present
Mögliche Gegenmaßnahme
Checkout Field Editor (Checkout Manager) for WooCommerce: Update to version 1.8.0, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Themehigh ≫ Checkout Field Editor For Woocommerce SwPlatformwordpress Version < 1.8.0
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Checkout Field Editor (Checkout Manager) for WooCommerce
Version
*-1.7.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.14% | 0.625 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
https://wpscan.com/vulnerability/0c9f22e0-1d46-4957-9ba5-5cca78861136
https://www.wordfence.com/threat-intel/vulnerabilities/id/a176f206-eb96-4902-8355-eec3c9ff6809