CVE-2022-3380

The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wpbeaverbuilder:customizer_export\/import:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:19

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/a42272a2-f9ce-4aab-9a94-8a4d85008746 - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/a42272a2-f9ce-4aab-9a94-8a4d85008746 - Exploit, Third Party Advisory

01 Nov 2022, 15:23

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.2
CPE cpe:2.3:a:wpbeaverbuilder:customizer_export\/import:*:*:*:*:*:wordpress:*:*
CWE CWE-502
References (CONFIRM) https://wpscan.com/vulnerability/a42272a2-f9ce-4aab-9a94-8a4d85008746 - (CONFIRM) https://wpscan.com/vulnerability/a42272a2-f9ce-4aab-9a94-8a4d85008746 - Exploit, Third Party Advisory

31 Oct 2022, 16:21

Type Values Removed Values Added
New CVE

Information

Published : 2022-10-31 16:15

Updated : 2024-11-21 07:19


NVD link : CVE-2022-3380

Mitre link : CVE-2022-3380

CVE.ORG link : CVE-2022-3380


JSON object : View

Products Affected

wpbeaverbuilder

  • customizer_export\/import
CWE
CWE-502

Deserialization of Untrusted Data