CVE-2022-3679

Exploit

EPSS 0.55%
Veröffentlicht 09.01.2023 23:15:26
Zuletzt bearbeitet 09.04.2025 19:15:43
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Starter Templates by Kadence WP <= 1.2.16 - Authenticated (Admin+) PHP Object Injection

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.

Mögliche Gegenmaßnahme

AI Powered Starter Templates by Kadence WP: Update to version 1.2.17, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt AI Powered Starter Templates by Kadence WP

Version * - 1.2.16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kadencewp ≫ Starter Templates SwPlatformwordpress Version <= 1.2.17

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.55%	0.67

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

https://wpscan.com/vulnerability/ec4b9bf7-71d6-4528-9dd1-cc7779624760

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/72eda38d-34e9-4a0e-a760-a9b991e590de

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-3679

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3679

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3679

EUVD