Details of VAR-202301-1467

ID

VAR-202301-1467

CVE

CVE-2022-4327

TITLE

WordPress plugin Anti-Malware Security and Brute-Force Firewall Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202301-1222

DESCRIPTION

Rejected reason: This issue does not bear any security risk as it's only exploitable by users with administrator or super-administrator roles, who can already do what they want on their site. The Anti-Malware Security and Brute-Force Firewall WordPress plugin up to and including 4.21.85 is prone to a PHP Object Injection vulnerability due to the unsafe use of unserialize() function. A potential attacker, authenticated as high privilege user could exploit this vulnerability by sending specially crafted requests to the web application containing malicious serialized input

Trust: 1.08

sources: NVD: CVE-2022-4327 // VULHUB: VHN-447225 // VULMON: CVE-2022-4327

CVSS

SEVERITY

CVSSV2

CVSSV3

CNNVD:	CNNVD-202301-1222
value:	HIGH
Trust: 0.6

sources: CNNVD: CNNVD-202301-1222

PROBLEMTYPE DATA

problemtype:

CWE-502

Trust: 0.1

sources: VULHUB: VHN-447225

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-1222

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202301-1222

PATCH

title:

WordPress plugin Anti-Malware Security and Brute-Force Firewall Fixes for code issue vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=222465

Trust: 0.6

sources: CNNVD: CNNVD-202301-1222

EXTERNAL IDS

db:	NVD	id:	CVE-2022-4327	Trust: 1.8
db:	CNNVD	id:	CNNVD-202301-1222	Trust: 0.6
db:	VULHUB	id:	VHN-447225	Trust: 0.1
db:	VULMON	id:	CVE-2022-4327	Trust: 0.1

sources: VULHUB: VHN-447225 // VULMON: CVE-2022-4327 // CNNVD: CNNVD-202301-1222 // NVD: CVE-2022-4327

REFERENCES

url:	https://wpscan.com/vulnerability/2c94e7b6-a9dd-47d4-bb17-20acb072c825	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-4327/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/502.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-447225 // VULMON: CVE-2022-4327 // CNNVD: CNNVD-202301-1222

SOURCES

db:	VULHUB	id:	VHN-447225
db:	VULMON	id:	CVE-2022-4327
db:	CNNVD	id:	CNNVD-202301-1222
db:	NVD	id:	CVE-2022-4327

LAST UPDATE DATE

2024-08-14T14:02:08.676000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-447225	date:	2023-01-30T00:00:00
db:	VULMON	id:	CVE-2022-4327	date:	2023-01-17T00:00:00
db:	CNNVD	id:	CNNVD-202301-1222	date:	2023-02-01T00:00:00
db:	NVD	id:	CVE-2022-4327	date:	2023-11-07T03:57:33.320

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-447225	date:	2023-01-16T00:00:00
db:	VULMON	id:	CVE-2022-4327	date:	2023-01-16T00:00:00
db:	CNNVD	id:	CNNVD-202301-1222	date:	2023-01-16T00:00:00
db:	NVD	id:	CVE-2022-4327	date:	2023-01-16T16:15:11.497