CVE-2022-2439

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Sep 24, 2024
Updated: Sep 26, 2024
CWE ID 502

Summary

CVE-2022-2439 identifies a vulnerability in the Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress, affecting versions up to 3.3.3. An authenticated user with administrative privileges can abuse the 'upload[file]' parameter to trigger deserialization of untrusted input, which can lead to arbitrary code execution if a suitable payload is present. Organizations using this plugin face significant risk: the integrity and confidentiality impacts are both rated high, because exploitation could allow unauthorized access or actions that compromise data and system stability. To remediate this issue, upgrade to version 3.3.4 or later. The attack vector is network-based with low complexity, requiring high privileges but no user interaction, which heightens its potential danger if exploited.
