The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-10-31T00:00:00
Updated: 2024-08-03T01:07:06.472Z
Reserved: 2022-09-29T00:00:00
Link: CVE-2022-3366
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-10-31T16:15:11.330
Modified: 2024-11-21T07:19:22.880
Link: CVE-2022-3366
Redhat
No data.