Vulnerability Details : CVE-2022-2442
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to deserialization of untrusted input via the 'path' parameter in versions up to, and including, 0.9.74. This makes it possible for authenticated attackers with administrative privileges to reference files through a PHAR wrapper, which deserializes and instantiates arbitrary PHP objects that can be used to perform a variety of malicious actions, provided a POP chain is also present. It also requires that the attacker has already succeeded in uploading a file containing the serialized payload.
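The following illustration is added here and is not WPvivid's code; the function and parameter names are hypothetical. It shows the unsafe pattern behind this bug class, a user-supplied path handed straight to a filesystem function, which on PHP versions before 8.0 lets a `phar://` value trigger deserialization of the archive's metadata, next to a hardened check that rejects stream wrappers and pins the resolved path inside an allowed directory.

```php
<?php
// Added example (not the plugin's code): a hypothetical staging helper that
// receives a user-controlled 'path' value and probes the filesystem with it.

// Vulnerable pattern: file_exists(), is_dir(), filesize() and similar calls
// honour PHP stream wrappers. On PHP < 8.0, opening a PHAR archive through
// "phar://" unserialize()s its metadata, so a serialized payload stored in a
// previously uploaded file becomes a live object graph (a POP chain).
function staging_path_exists_unsafe(string $path): bool
{
    return file_exists($path);   // "phar://.../upload.jpg/x" is accepted as-is
}

// Hardened form: refuse any wrapper scheme, resolve the path, and require the
// result to live under the directory this feature is allowed to touch.
function staging_path_exists_safe(string $path, string $base_dir): bool
{
    // 1. Any "scheme://" prefix (phar://, data://, php://, ...) is rejected.
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $path)) {
        return false;
    }
    // 2. realpath() collapses ".." and symlinks; false (non-existent path)
    //    is also a safe answer for an existence check.
    $real = realpath($path);
    $base = realpath($base_dir);
    if ($real === false || $base === false) {
        return false;
    }
    // 3. Containment: the resolved path must equal $base or sit below it.
    $base_with_sep = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return $real === $base || strncmp($real, $base_with_sep, strlen($base_with_sep)) === 0;
}

// Constructed inputs for a CLI self-check; only the first can ever return true.
$base = sys_get_temp_dir();
$samples = [
    $base . DIRECTORY_SEPARATOR . 'staging-site',   // plain path inside base
    'phar://' . $base . '/upload.jpg/dummy',        // wrapper: rejected at step 1
    $base . '/../../etc/passwd',                    // traversal: rejected at step 3
];
foreach ($samples as $sample) {
    printf("%-50s safe=%s\n", $sample,
        var_export(staging_path_exists_safe($sample, $base), true));
}
```

The wrapper check is the part that matters for this CVE; the containment check is the usual companion, since a path that is not a wrapper can still point outside the staging directory.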
Products affected by CVE-2022-2442
- cpe:2.3:a:wpvivid:migration\,_backup\,_staging:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-2442
- EPSS score: 0.26% (probability of exploitation activity in the next 30 days)
- Percentile: ~66% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2022-2442
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | NIST | |
7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | Wordfence | |
CWE ids for CVE-2022-2442
- The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Assigned by:
- nvd@nist.gov (Primary)
- security@wordfence.com (Secondary)
References for CVE-2022-2442
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2442
  Vulnerability Advisories - Wordfence (Third Party Advisory)
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2766112%40wpvivid-backuprestore%2Ftrunk%2Fincludes%2Fstaging%2Fclass-wpvivid-staging.php&new=2766112%40wpvivid-backuprestore%2Ftrunk%2Fincludes%2Fstaging%2Fclass-wpvivid-staging.php
  Changeset 2766112 for wpvivid-backuprestore/trunk/includes/staging/class-wpvivid-staging.php – WordPress Plugin Repository (Patch; Third Party Advisory)
- https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/trunk/includes/staging/class-wpvivid-staging.php?rev=2749419#L1783
  class-wpvivid-staging.php in wpvivid-backuprestore/trunk/includes/staging – WordPress Plugin Repository (Patch; Third Party Advisory)
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b7e2ca2e-c495-47f8-9c18-da5ba73d9e70?source=cve
  Migration, Backup, Staging – WPvivid <= 0.9.74 - Authenticated (Admin+) PHAR Deserialization
- https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/trunk/includes/staging/class-wpvivid-staging.php?rev=2749419#L1747
  class-wpvivid-staging.php in wpvivid-backuprestore/trunk/includes/staging – WordPress Plugin Repository (Patch; Third Party Advisory)