CVE-2022-3490

The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
themehighcheckout_field_editor_for_woocommerce
𝑥
< 1.8.0
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/0c9f22e0-1d46-4957-9ba5-5cca78861136
https://wpscan.com/vulnerability/0c9f22e0-1d46-4957-9ba5-5cca78861136