CVE-2022-2446

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Sep 13, 2024
CWE ID 502

Summary

CVE-2022-2446 identifies a vulnerability in the WP Editor plugin for WordPress, affecting versions up to and including 1.2.9, which allows authenticated attackers with administrative privileges to exploit deserialization of untrusted input via the 'current_theme_root' parameter. This vulnerability can lead to malicious actions if an attacker successfully uploads a file containing a serialized payload that invokes arbitrary PHP objects. The potential risks include significant impacts on confidentiality, integrity, and availability of the affected systems, rated as high severity with a CVSS score of 7.2. Organizations are advised to remediate this issue by updating the WP Editor plugin to the latest version available that addresses this vulnerability. Failure to mitigate this risk may expose organizations to unauthorized access and control over their WordPress installations.
