{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-2446", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2022-07-15T14:33:04.354Z", "datePublished": "2024-09-13T15:10:43.938Z", "dateUpdated": "2024-09-13T20:07:11.786Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-09-13T15:10:43.938Z"}, "affected": [{"vendor": "benjaminprojas", "product": "WP Editor", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "1.2.9", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'current_theme_root' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload."}], "title": "WP Editor <= 1.2.9 - Authenticated (Admin+) PHAR Deserialization", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3555702-4427-4569-8fd6-f84113593e9d?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3151053/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-502 Deserialization of Untrusted Data", "cweId": "CWE-502", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Rasoul Jahanshahi"}], "timeline": [{"time": "2024-09-12T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"affected": [{"vendor": "benjaminrojas", "product": "wp_editor", "cpes": ["cpe:2.3:a:benjaminrojas:wp_editor:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.2.9", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-13T20:04:15.892903Z", "id": "CVE-2022-2446", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-13T20:07:11.786Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-2446", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-13T20:04:15.892903Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:benjaminrojas:wp_editor:*:*:*:*:*:*:*:*"], "vendor": "benjaminrojas", "product": "wp_editor", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.2.9"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-13T20:07:05.572Z"}}], "cna": {"title": "WP Editor <= 1.2.9 - Authenticated (Admin+) PHAR Deserialization", "credits": [{"lang": "en", "type": "finder", "value": "Rasoul Jahanshahi"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "benjaminprojas", "product": "WP Editor", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.2.9"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-09-12T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3555702-4427-4569-8fd6-f84113593e9d?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3151053/"}], "descriptions": [{"lang": "en", "value": "The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'current_theme_root' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-09-13T15:10:43.938Z"}}}, "cveMetadata": {"cveId": "CVE-2022-2446", "state": "PUBLISHED", "dateUpdated": "2024-09-13T20:07:11.786Z", "dateReserved": "2022-07-15T14:33:04.354Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-09-13T15:10:43.938Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:benjaminrojas:wp_editor:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "B0A1EFC6-E6D8-4194-84FB-380C14664177", "versionEndExcluding": "1.2.9.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'current_theme_root' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload."}, {"lang": "es", "value": "El complemento WP Editor para WordPress es vulnerable a la deserializaci\u00f3n de entradas no confiables a trav\u00e9s del par\u00e1metro 'current_theme_root' en versiones hasta la 1.2.9 incluida. Esto hace posible que atacantes autenticados con privilegios administrativos llamen a archivos usando un contenedor PHAR que deserializar\u00e1 y llamar\u00e1 a objetos PHP arbitrarios que se pueden usar para realizar una variedad de acciones maliciosas siempre que tambi\u00e9n est\u00e9 presente una cadena POP. Tambi\u00e9n requiere que el atacante pueda cargar un archivo con el payload serializado."}], "id": "CVE-2022-2446", "lastModified": "2024-09-27T01:09:05.217", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2024-09-13T15:15:13.577", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3151053/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3555702-4427-4569-8fd6-f84113593e9d?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}