How severe is CVE-2022-2444?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2022-2444?

This is classified as CWE-502, which is a common weakness in software security.

CVE-2022-2444 - HIGH Severity | CVSS 8.8

Vulnerability Description

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remote_data' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.

Related Vulnerabilities

CVE-2016-10753

HIGH

CVSS:8.8(High)

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.

CWE-5022016

CVE-2016-1487

HIGH

CVSS:8.8(High)

Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization.

CWE-5022016

CVE-2016-4398

HIGH

CVSS:8.8(High)

A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization.

CWE-5022016

CVE-2016-4405

HIGH

CVSS:8.8(High)

A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26

CWE-5022016

CVE-2016-7065

HIGH

CVSS:8.8(High)

The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serializ...

CWE-5022016

CVE-2016-8744

HIGH

CVSS:8.8(High)

Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration ...

CWE-5022016