Smart Slider 3 < 3.5.1.11 - PHP Object Injection
CVE-2022-3357

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Smart Slider 3
Vendor: CVE Published:; 31 October 2022

Summary

The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user import (intentionally or not) a malicious file, and a suitable gadget chain is present on the site.

Affected Version(s)

Smart Slider 3 3.5.1.11

References

https://wpscan.com/vulnerability/2e28a4e7-e7d3-485c-949c-...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 31, 2022
Vulnerability Reserved
Sep 29, 2022

Credit

Nguyen Duy Quoc Khanh