CVE-2022-3490

EUVD-2022-42862
The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
themehighcheckout_field_editor_for_woocommerce
𝑥
< 1.8.0
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/0c9f22e0-1d46-4957-9ba5-5cca78861136
https://wpscan.com/vulnerability/0c9f22e0-1d46-4957-9ba5-5cca78861136