WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization
CVE-2022-2433

8.8HIGH

Key Information:

Vendor: Wordpress
Status: WordPress Infinite Scroll – Ajax Load More
Vendor: CVE Published:; 6 September 2022

Summary

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'alm_repeaters_export' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.

Affected Version(s)

WordPress Infinite Scroll – Ajax Load More * <= 5.5.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/2772627/ajax...

https://www.wordfence.com/vulnerability-advisories/#CVE-2...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 6, 2022
Vulnerability Reserved
Jul 15, 2022

Credit

Rasoul Jahanshahi