CVE-2022-2436: Deserialization of Untrusted Data in Download Manager

Severity: 8.8 HIGH (NVD)
EPSS: 1.1% (top 22.16%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 6; latest update Oct 7

Description

The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to, and including, 3.2.49. An authenticated attacker with Contributor privileges or higher can supply a path that uses the phar:// stream wrapper; when the plugin passes that path to a filesystem function, PHP opens the archive and unserializes its metadata, instantiating arbitrary PHP objects. This can be turned into a variety of malicious actions provided a POP (property-oriented programming) chain is also present in the target's code. It also requires that the attacker is success
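The sink pattern behind this class of bug and a hardened replacement, as an added illustration that is not the plugin's code (the plugin's actual handler is not reproduced here). Everything named below is hypothetical: the Gadget class standing in for a POP-chain gadget, the vulnerable_package_dir and safe_package_dir functions, and the demo.phar file the script writes. The trigger only fires on PHP older than 8.0; from 8.0 on, phar metadata is no longer unserialized when an archive is opened through the wrapper, only by an explicit Phar::getMetadata() call. The script runs in two separate processes so the trigger step parses the archive from disk rather than from the Phar engine's in-process cache.

```php
<?php
// Added illustration, not the Download Manager plugin's code: a path-based
// file function reached by a user-supplied value (the role file[package_dir]
// plays in the advisory) and a hardened replacement. All names are hypothetical.
//
// Usage (two processes):
//   php -d phar.readonly=0 phar_sink_demo.php build    # writes demo.phar
//   php phar_sink_demo.php trigger                      # runs both sinks

// Stand-in for a POP-chain gadget: a loadable class whose magic method has a
// side effect. The attack needs such a class to exist in the target's codebase.
class Gadget {
    public $cmd = 'id';
    public function __destruct() {
        // A real gadget would do something like system($this->cmd).
        echo "[!] Gadget::__destruct fired, cmd={$this->cmd}\n";
    }
}

// Vulnerable pattern: any stream-aware file function on an untrusted path.
// is_dir(), file_exists(), file_get_contents(), ... all honour stream wrappers,
// so 'phar://...' opens the archive. On PHP < 8.0 opening a phar unserializes
// its metadata, instantiating whatever class the attacker serialized into it.
function vulnerable_package_dir(array $file): bool {
    return is_dir($file['package_dir']);        // sink
}

// Hardened: reject every scheme prefix and NUL bytes, resolve the path, and
// confine the result to $base before touching the filesystem.
function safe_package_dir(array $file, string $base): ?string {
    $dir = (string) ($file['package_dir'] ?? '');
    if ($dir === ''
        || preg_match('#^[a-z][a-z0-9+.\-]*://#i', $dir)   // phar://, file://, data://, ...
        || strpos($dir, "\0") !== false) {
        return null;
    }
    $realBase = realpath($base);
    $real     = realpath($base . DIRECTORY_SEPARATOR . $dir);
    if ($realBase === false || $real === false) {
        return null;                            // base or target does not exist
    }
    $inside = $real === $realBase
        || strncmp($real, $realBase . DIRECTORY_SEPARATOR, strlen($realBase) + 1) === 0;
    return ($inside && is_dir($real)) ? $real : null;
}

$pharPath = __DIR__ . '/demo.phar';             // constructed test artifact
$mode = $argv[1] ?? 'trigger';

if ($mode === 'build') {
    // Constructed archive: a valid phar whose manifest metadata is serialize($gadget).
    @unlink($pharPath);
    $phar = new Phar($pharPath);
    $phar->setStub('<?php __HALT_COMPILER(); ?>');
    $phar->addFromString('x.txt', 'x');
    $gadget = new Gadget();
    $gadget->cmd = 'whoami';
    $phar->setMetadata($gadget);
    unset($phar);                               // flush the archive to disk
    echo "built $pharPath (any [!] line after this is this script's own \$gadget being freed)\n";
    exit;
}

echo "PHP " . PHP_VERSION . "\n";
echo "--- vulnerable sink ---\n";
// On PHP < 8.0 this opens demo.phar and unserializes its metadata, so the
// Gadget destructor runs from inside is_dir(); on PHP >= 8.0 nothing happens.
vulnerable_package_dir(['package_dir' => 'phar://' . $pharPath]);

echo "--- hardened sink ---\n";
var_dump(safe_package_dir(['package_dir' => 'phar://' . $pharPath], __DIR__));  // wrapper prefix rejected
var_dump(safe_package_dir(['package_dir' => '../../../etc'], __DIR__));         // escapes base
var_dump(safe_package_dir(['package_dir' => '.'], __DIR__));                    // confined, resolves to __DIR__
```

The wrapper check is deliberately a generic scheme regex rather than a blacklist of "phar://": PHP registers several wrappers (phar, data, glob, compress.zlib, ...) and Phar::interceptFileFuncs() can reach the engine through other paths, so a path that is going to hit the filesystem should never carry a scheme at all. The realpath()/prefix step is what keeps a fixed package directory honest against ../ traversal once wrappers are excluded.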

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 2 packages

Patches

Vulnerability Details (2)

GHSA-2895-g6rw-7xgr (2022-09-07): The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to,
CVEList (2022-09-06): Download Manager <= 3.2.49 - Authenticated (Contributor+) PHAR Deserialization

Vendor Advisories (1)

Red Hat (2025-10-07): kernel: tipc: fix a null-ptr-deref in tipc_topsrv_accept
Note: this Red Hat entry concerns the Linux kernel TIPC subsystem and has no relation to the WordPress Download Manager plugin; it appears to have been associated with CVE-2022-2436 in error and should not be read as a vendor fix for this issue.
CVE-2022-2436 — Deserialization of Untrusted Data | cvebase