High severity7.2NVD Advisory· Published Oct 31, 2022· Updated Jun 17, 2026
CVE-2022-3366
CVE-2022-3366
Description
The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- PublishPress/Capabilitiesdescription
- Range: <2.5.2
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/72639924-e7a7-4f7d-bd50-015d05ffd4fbnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.