Back to search
CVE-2022-4265
Published: Mar 6, 2023
Modified: Mar 6, 2025
PUBLISHED
Description
The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber to perform Object Injection attacks. The attack could also be done via a CSRF vector against any authenticated user
| Vendor | Product | Versions |
|---|---|---|
Unknown | Replyable | affected 0 - < 2.2.10 |
References
https://wpscan.com/vulnerability/095cba08-7edd-41fb-9776-da151c0885dd
exploit
vdb-entry
technical-description
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now