CVE-2022-45083 — Deserialization of Untrusted Data in Profilepress

CWE-502 — Deserialization of Untrusted Data2 documents2 sources

Severity

7.2HIGHNVD

EPSS

0.3%

top 49.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Properfraction Profilepress

Timeline

PublishedJan 19

Description

Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.3.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

▶NVDproperfraction/profilepress< 4.4.0

🔴Vulnerability Details

GHSA

GHSA-cf3h-vjg3-v2hx: Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form,↗2024-01-19

▶