The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/ffff8c83-0a59-450a-9b40-c7f3af7205fc | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2023-01-09 15:15
Updated : 2023-01-12 22:43
NVD link : CVE-2022-4043
Mitre link : CVE-2022-4043
JSON object : View
CWE
CWE-502
Deserialization of Untrusted Data
Products Affected
wp_custom_admin_interface_project
- wp_custom_admin_interface