Plugin Vulnerability Could Allow Authenticated Users to Perform Malicious Actions
CVE-2022-2439

7.2HIGH

Key Information:

Vendor
Smub
Status
Easy Digital Downloads – Ecommerce Payments And Subscriptions Made Easy
Vendor
CVE Published:
24 September 2024

Summary

The Easy Digital Downloads plugin for WordPress is exposed to a deserialization vulnerability through the 'upload[file]' parameter. This vulnerability affects versions up to and including 3.3.3, allowing authenticated administrative users to exploit the system by using a PHAR wrapper to deserialize and invoke arbitrary PHP Objects. Such actions can lead to various malicious activities, contingent upon the presence of a suitable PHP Object Pollution (POP) chain. This significant weakness underscores the need for immediate updates and security best practices to mitigate potential misuse.

Affected Version(s)

Easy Digital Downloads – eCommerce Payments and Subscriptions made easy * <= 3.3.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/changeset/3154854/easy...
https://plugins.trac.wordpress.org/changeset/3154854/easy...

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rasoul Jahanshahi
.