CVE-2022-4043

Description

The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.

CVSS Version 3.1

nvd

CVE ID: CVE-2022-4043
Base Score: 7.2
Base Severity: HIGH
Vector String:CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.2

Content on GitHub

SpiralBL0CK | watchers:38

CVE-2024-40431-CVE-2022-25479-EOP-CHAIN
CVE-2024-40431+CVE-2022-25479 chain for EOP(DATA ONLY ATTACK)

Refrence: GitHub

Refrence: NVD