CVE-2022-3679

Published: Jan 9, 2023Modified: Apr 9, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.

Affected (1)

Products: Kadencewp: Starter Templates

Kadencewp

1 product

Starter Templates

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Kadencewp Starter Templates	Up to 1.2.17

References (2)

https://wpscan.com/vulnerability/ec4b9bf7-71d6-4528-9dd1-cc7779624760

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/ec4b9bf7-71d6-4528-9dd1-cc7779624760

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.