Untriaged
Permalink
CVE-2022-45083
6.6 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): LOW
WordPress ProfilePress Plugin <= 4.3.2 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.3.2.
References
- https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-profilep… vdb-entry
- https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-profilep… vdb-entry
- https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-profilep… vdb-entry x_transferred
- https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-profilep… vdb-entry
- https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-profilep… vdb-entry x_transferred
Affected products
wp-user-avatar
- =<4.3.2
Matching in nixpkgs
-
nixos-unstable -
- nixpkgs-unstable 1.4.1