Thinhnguyen1337

#7634of 53,633
36Total CVSS
Vulnerabilities · 5
High
5
PT-2023-14566
7.2
2023-02-06
WordPress · Husky · CVE-2022-4489
**Name of the Vulnerable Software and Affected Versions** HUSKY WordPress plugin versions prior to 1.3.2 **Description** The issue allows high privilege users, such as admins, to perform PHP Object Injection when a suitable gadget is present, due to the unserialize of user input provided via the settings. **Recommendations** For HUSKY WordPress plugin versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings page to minimize the risk of exploitation.
PT-2023-14182
7.2
2023-01-23
WordPress · The Analyticator · CVE-2022-4323
**Name of the Vulnerable Software and Affected Versions** The Analyticator WordPress plugin versions prior to 6.5.6 **Description** The issue allows high privilege users, such as admins, to perform PHP Object Injection when a suitable gadget is present. This is due to the plugin unserializing user input provided via the settings. **Recommendations** For versions prior to 6.5.6, update to version 6.5.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings page to minimize the risk of exploitation.
PT-2023-13789
7.2
2023-01-09
WordPress · Wp Custom Admin Interface · CVE-2022-4043
**Name of the Vulnerable Software and Affected Versions** WP Custom Admin Interface WordPress plugin versions prior to 7.29 **Description** The issue allows high privilege users, such as admins, to perform PHP Object Injection when a suitable gadget is present. This is due to the plugin unserializing user input provided via the settings. **Recommendations** For WP Custom Admin Interface WordPress plugin versions prior to 7.29, update to version 7.29 or later to resolve the issue.
PT-2023-14170
7.2
2023-01-02
WordPress · White Label Cms · CVE-2022-4302
**Name of the Vulnerable Software and Affected Versions** White Label CMS WordPress plugin versions prior to 2.5 **Description** The issue allows high-privilege users, such as admins, to perform PHP Object Injection when a suitable gadget is present. This is due to the plugin unserializing user input provided via the settings. **Recommendations** For versions prior to 2.5, update to version 2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings page to minimize the risk of exploitation.
PT-2023-14183
7.2
2023-01-02
WordPress · Custom Field Template · CVE-2022-4324
**Name of the Vulnerable Software and Affected Versions** Custom Field Template WordPress plugin versions prior to 2.5.8 **Description** The issue arises from the unserialization of the content of an imported file, potentially leading to PHP object injections when a high-privilege user imports a malicious Customizer Styling file and a suitable gadget chain is present on the blog. **Recommendations** For versions prior to 2.5.8, update to version 2.5.8 or later to resolve the issue. As a temporary workaround, consider restricting the import of Customizer Styling files to trusted sources and users until the update is applied.