CVE-2022-4043

The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
wp_custom_admin_interface_projectwp_custom_admin_interface
𝑥
< 7.29
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/ffff8c83-0a59-450a-9b40-c7f3af7205fc
https://wpscan.com/vulnerability/ffff8c83-0a59-450a-9b40-c7f3af7205fc