Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Kadence WooCommerce Email Designer by Unknown
CVE-2022-3335 (GCVE-0-2022-3335)
Vulnerability from nvd – Published: 2022-10-25 00:00 – Updated: 2025-05-09 19:04
VLAI?
Title
Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection
Summary
The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
Severity ?
7.2 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Kadence WooCommerce Email Designer |
Affected:
1.5.7 , < 1.5.7
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/39514705-c887-4a02-a77b-36e1dcca8f5d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3335",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T19:03:30.607673Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T19:04:09.994Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kadence WooCommerce Email Designer",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.5.7",
"status": "affected",
"version": "1.5.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nguyen Duy Quoc Khanh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-25T00:00:00.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"url": "https://wpscan.com/vulnerability/39514705-c887-4a02-a77b-36e1dcca8f5d"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Kadence WooCommerce Email Designer \u003c 1.5.7 - Admin+ PHP Objection Injection",
"x_generator": "WPScan CVE Generator"
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-3335",
"datePublished": "2022-10-25T00:00:00.000Z",
"dateReserved": "2022-09-27T00:00:00.000Z",
"dateUpdated": "2025-05-09T19:04:09.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3335 (GCVE-0-2022-3335)
Vulnerability from cvelistv5 – Published: 2022-10-25 00:00 – Updated: 2025-05-09 19:04
VLAI?
Title
Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection
Summary
The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
Severity ?
7.2 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Kadence WooCommerce Email Designer |
Affected:
1.5.7 , < 1.5.7
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/39514705-c887-4a02-a77b-36e1dcca8f5d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3335",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T19:03:30.607673Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T19:04:09.994Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kadence WooCommerce Email Designer",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.5.7",
"status": "affected",
"version": "1.5.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nguyen Duy Quoc Khanh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-25T00:00:00.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"url": "https://wpscan.com/vulnerability/39514705-c887-4a02-a77b-36e1dcca8f5d"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Kadence WooCommerce Email Designer \u003c 1.5.7 - Admin+ PHP Objection Injection",
"x_generator": "WPScan CVE Generator"
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-3335",
"datePublished": "2022-10-25T00:00:00.000Z",
"dateReserved": "2022-09-27T00:00:00.000Z",
"dateUpdated": "2025-05-09T19:04:09.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}