CVE-2022-3366

Published: Oct 31, 2022

Modified: May 6, 2025

PUBLISHED

Description

The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site.

Vendor	Product	Versions
Unknown	PublishPress Capabilities – User Role Access, Editor Permissions, Admin Menus	affected `2.5.2 - < 2.5.2`
Unknown	PublishPress Capabilities Pro	affected `2.5.2 - < 2.5.2`

Weaknesses (CWE)

CWE-502

References

https://wpscan.com/vulnerability/72639924-e7a7-4f7d-bd50-015d05ffd4fb

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-3366

Description

Affected Products

Weaknesses (CWE)

References