CVE-2023-1669

CWE-502 — Deserialization of Untrusted Data CWE-20 — Improper Input Validation CWE-476 — NULL Pointer Dereference6 documents6 sources

Severity

7.2HIGH

EPSS

18.1%

top 4.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Seopress Seopress Seopress

Timeline

PublishedMay 2

Latest updateFeb 20

Description

The SEOPress WordPress plugin before 6.5.0.3 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5unknown/seopress< 6.5.0.3

▶NVDseopress/seopress< 6.5.0.3

🔴Vulnerability Details

GHSA

Denial of Service issue in quinn-proto↗2023-09-21

▶

GHSA

GHSA-467c-9pm8-6w84: The SEOPress WordPress plugin before 6↗2023-05-02

▶

CVEList

SEOPress < 6.5.0.3 - Admin+ PHP Object Injection↗2023-05-02

▶

📋Vendor Advisories

Chrome

Stable Channel Update for Desktop: CVE-2024-1669↗2024-02-20

▶