WordPress Plugin Vulnerabilities

PublishPress Capabilities < 2.5.2 - Admin+ PHP Objection Injection

Description

The plugin unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site.

Proof of Concept

Affects Plugins

Plugin icon
capability-manager-enhanced
Fixed in 2.5.2
Plugin icon
capabilities-pro
Fixed in 2.5.2

References

CVE
CVE-2022-3366

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502
CVSS
5.5 (medium)

Miscellaneous

Original Researcher
Nguyen Pham Viet Nam
Submitter
Nguyen Pham Viet Nam
Submitter website
https://github.com/zzz25251325zzz
Verified
Yes
WPVDB ID
72639924-e7a7-4f7d-bd50-015d05ffd4fb

Timeline

Publicly Published
2022-10-10 (about 3 years ago)
Added
2022-10-10 (about 3 years ago)
Last Updated
2022-10-10 (about 3 years ago)

Other

Published
Title
Published
2020-08-03
Title
Newsletter < 6.8.2 - Authenticated PHP Object Injection
Published
2016-11-08
Title
YITH WooCommerce Compare < 2.1.0 - Unauthenticated PHP Object injection
Published
2025-01-16
Title
Quick Count <= 3.00 - Unauthenticated PHP Object Injection
Published
2022-12-16
Title
Starter Templates by Kadence WP < 1.2.17 - Admin+ PHP Object Injection
Published
2025-05-21
Title
Pet World <= 2.8 - Authenticated (Subscriber+) PHP Object Injection