CVE-2022-3861 Information
Description
The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to and including 26.5.1.4 via deserialization of untrusted input supplied via the import mfn-items-import-page and mfn-items-import parameters passed through the mfn_builder_import mfn_builder_import_page importdata importsinglepage and importfromclipboard functions. This makes it possible for authenticated attackers with contributor level permissions and above to inject a PHP Object. The additional presence of a POP chain would make it possible for attackers to execute code retrieve sensitive data delete files etc..
Reference
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3861 https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-3861.txt https://muffingroup.com/betheme/
Share on: