CVE-2022-4680

EUVD-2022-52004
The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
reviverevive_old_posts
𝑥
< 9.0.11
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/f4197386-975d-4e53-8fc9-9425732da9af
https://wpscan.com/vulnerability/f4197386-975d-4e53-8fc9-9425732da9af