7.2
CVE-2022-4043
- EPSS 17.69%
- Veröffentlicht 09.01.2023 23:15:27
- Zuletzt bearbeitet 09.04.2025 20:15:23
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginWP Custom Admin Interface < 7.29 - Admin+ PHP Object Injection
WP Custom Admin Interface <= 7.28 - Authenticated (Administrator+) PHP Object Injection
The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.
Mögliche Gegenmaßnahme
WP Custom Admin Interface: Update to version 7.29, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wp Custom Admin Interface Project ≫ Wp Custom Admin Interface Version < 7.29
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP Custom Admin Interface
Version
*-7.28
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 17.69% | 0.968 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
https://wpscan.com/vulnerability/ffff8c83-0a59-450a-9b40-c7f3af7205fc
https://www.wordfence.com/threat-intel/vulnerabilities/id/e57f4853-cade-4bb5-8f12-4a88a200921f