CVE-2022-3380

Customizer Export/Import < 0.9.5 - Admin+ PHP Objection Injection

Severity Score

7.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.

El complemento Customizer Export/Import de WordPress anterior a 0.9.5 deserializa el contenido de un archivo importado, lo que podría provocar problemas de inyección de objetos PHP cuando un administrador importa (intencionalmente o no) un archivo malicioso y hay una cadena de gadgets adecuada presente en el blog.

The Customizer Export/Import for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 0.9.4 via deserialization of untrusted input from an imported file. This allows administrator-level attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

*Credits: Nguyen Duy Quoc Khanh

CVSS Scores

NISTv3.1 7.2

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-09-30 CVE Reserved
2022-10-10 CVE Published
2024-05-23 EPSS Updated
2024-08-03 CVE Updated
2024-08-03 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-502: Deserialization of Untrusted Data

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC
https://wpscan.com/vulnerability/a42272a2-f9ce-4aab-9a94-8a4d85008746	2024-08-03

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Wpbeaverbuilder Search vendor "Wpbeaverbuilder"		Customizer Export\/import Search vendor "Wpbeaverbuilder" for product "Customizer Export\/import"				< 0.9.5 Search vendor "Wpbeaverbuilder" for product "Customizer Export\/import" and version " < 0.9.5"		wordpress		Affected