PT-2022-21796 · Publishpress · Publishpress Capabilities Pro

Nguyen Pham Viet Nam · Published 2022-10-31 · Updated 2022-11-01 · CVE-2022-3366

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PublishPress Capabilities WordPress plugin versions prior to 2.5.2
PublishPress Capabilities Pro WordPress plugin versions prior to 2.5.2

Description

The issue allows PHP object injection attacks by administrators on multisite WordPress configurations. This can happen when the content of imported files is unserialized. Successful exploitation requires the presence of other plugins with a suitable gadget chain on the site.

Recommendations

For PublishPress Capabilities WordPress plugin versions prior to 2.5.2, update to version 2.5.2 or later.
For PublishPress Capabilities Pro WordPress plugin versions prior to 2.5.2, update to version 2.5.2 or later.

Exploit

Fix

Weakness Enumeration: Deserialization of Untrusted Data

Related Identifiers: CVE-2022-3366

Affected Products: Publishpress Capabilities Pro