


    4 vulnerabilities found for PublishPress Capabilities Pro by Unknown

    CVE-2022-3366 (GCVE-0-2022-3366)

    Vulnerability from nvd – Published: 2022-10-31 00:00 – Updated: 2025-05-06 20:27
    Title
    PublishPress Capabilities < 2.5.2 - Admin+ PHP Object Injection
    Summary
    The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Credits
    Nguyen Pham Viet Nam

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:07:06.472Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/72639924-e7a7-4f7d-bd50-015d05ffd4fb"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3366",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-06T20:26:42.467732Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-06T20:27:05.468Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PublishPress Capabilities \u2013 User Role Access, Editor Permissions, Admin Menus",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.5.2",
                  "status": "affected",
                  "version": "2.5.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PublishPress Capabilities Pro",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.5.2",
                  "status": "affected",
                  "version": "2.5.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Nguyen Pham Viet Nam"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-31T00:00:00.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "url": "https://wpscan.com/vulnerability/72639924-e7a7-4f7d-bd50-015d05ffd4fb"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "PublishPress Capabilities \u003c 2.5.2 - Admin+ PHP Objection Injection",
          "x_generator": "WPScan CVE Generator"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-3366",
        "datePublished": "2022-10-31T00:00:00.000Z",
        "dateReserved": "2022-09-29T00:00:00.000Z",
        "dateUpdated": "2025-05-06T20:27:05.468Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25032 (GCVE-0-2021-25032)

    Vulnerability from nvd – Published: 2022-01-10 00:00 – Updated: 2024-08-03 19:49
    Title
    PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise
    Summary
    The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 lacks authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role, making any newly registered user an administrator.
    Severity
    No CVSS data available.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    • CWE-862 - Missing Authorization
    Assigner
    Impacted products
    Vendor Product Version
    Unknown PublishPress Capabilities – User Role Access, Editor Permissions, Admin Menus Affected: 2.0 , < 2.0* (custom)
    Affected: 2.3.1 , < 2.3.1 (custom)
    Unknown PublishPress Capabilities Pro Affected: 2.0 , < 2.0* (custom)
    Affected: 2.3.1 , < 2.3.1 (custom)
    Credits
    Krzysztof Zając

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:49:14.582Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/2f0f1a32-0c7a-48e6-8617-e0b2dcf62727"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2640161"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PublishPress Capabilities \u2013 User Role Access, Editor Permissions, Admin Menus",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.0*",
                  "status": "affected",
                  "version": "2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.3.1",
                  "status": "affected",
                  "version": "2.3.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PublishPress Capabilities Pro",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.0*",
                  "status": "affected",
                  "version": "2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.3.1",
                  "status": "affected",
                  "version": "2.3.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Krzysztof Zaj\u0105c"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin\u0027s settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role and make any new registered user with an administrator role."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-07T00:00:00.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "url": "https://wpscan.com/vulnerability/2f0f1a32-0c7a-48e6-8617-e0b2dcf62727"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2640161"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "PublishPress Capabilities \u003c 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise",
          "x_generator": "WPScan CVE Generator"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-25032",
        "datePublished": "2022-01-10T00:00:00.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:49:14.582Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3366 (GCVE-0-2022-3366)

    Vulnerability from cvelistv5 – Published: 2022-10-31 00:00 – Updated: 2025-05-06 20:27
    Title
    PublishPress Capabilities < 2.5.2 - Admin+ PHP Object Injection
    Summary
    The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Credits
    Nguyen Pham Viet Nam

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:07:06.472Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/72639924-e7a7-4f7d-bd50-015d05ffd4fb"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3366",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-06T20:26:42.467732Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-06T20:27:05.468Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PublishPress Capabilities \u2013 User Role Access, Editor Permissions, Admin Menus",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.5.2",
                  "status": "affected",
                  "version": "2.5.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PublishPress Capabilities Pro",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.5.2",
                  "status": "affected",
                  "version": "2.5.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Nguyen Pham Viet Nam"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-31T00:00:00.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "url": "https://wpscan.com/vulnerability/72639924-e7a7-4f7d-bd50-015d05ffd4fb"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "PublishPress Capabilities \u003c 2.5.2 - Admin+ PHP Objection Injection",
          "x_generator": "WPScan CVE Generator"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-3366",
        "datePublished": "2022-10-31T00:00:00.000Z",
        "dateReserved": "2022-09-29T00:00:00.000Z",
        "dateUpdated": "2025-05-06T20:27:05.468Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25032 (GCVE-0-2021-25032)

    Vulnerability from cvelistv5 – Published: 2022-01-10 00:00 – Updated: 2024-08-03 19:49
    Title
    PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise
    Summary
    The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 lacks authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role, making any newly registered user an administrator.
    Severity
    No CVSS data available.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    • CWE-862 - Missing Authorization
    Assigner
    Impacted products
    Vendor Product Version
    Unknown PublishPress Capabilities – User Role Access, Editor Permissions, Admin Menus Affected: 2.0 , < 2.0* (custom)
    Affected: 2.3.1 , < 2.3.1 (custom)
    Unknown PublishPress Capabilities Pro Affected: 2.0 , < 2.0* (custom)
    Affected: 2.3.1 , < 2.3.1 (custom)
    Credits
    Krzysztof Zając

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:49:14.582Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/2f0f1a32-0c7a-48e6-8617-e0b2dcf62727"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2640161"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PublishPress Capabilities \u2013 User Role Access, Editor Permissions, Admin Menus",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.0*",
                  "status": "affected",
                  "version": "2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.3.1",
                  "status": "affected",
                  "version": "2.3.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PublishPress Capabilities Pro",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.0*",
                  "status": "affected",
                  "version": "2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.3.1",
                  "status": "affected",
                  "version": "2.3.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Krzysztof Zaj\u0105c"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin\u0027s settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role and make any new registered user with an administrator role."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-07T00:00:00.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "url": "https://wpscan.com/vulnerability/2f0f1a32-0c7a-48e6-8617-e0b2dcf62727"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2640161"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "PublishPress Capabilities \u003c 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise",
          "x_generator": "WPScan CVE Generator"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-25032",
        "datePublished": "2022-01-10T00:00:00.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:49:14.582Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }