The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6 passes base64 encoded user input to the unserialize() PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/e8bb79db-ef77-43be-b449-4c4b5310eedf | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-12-26T12:28:19.897Z
Updated: 2023-01-10T09:10:50.096Z
Reserved: 2022-11-22T15:34:37.890Z
Link: CVE-2022-4120
JSON object: View
NVD Information
Status : Modified
Published: 2022-12-26T13:15:12.437
Modified: 2023-11-07T03:56:59.093
Link: CVE-2022-4120
JSON object: View
Redhat Information
No data.
CWE
No CWE.