CVE-2022-4265

HIGH

Replyable < 2.2.10 - Authenticated Object Injection and Cross-Site Request Forgery via Prompt Dismiss Notice

Title source: llm

Description

The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted in the request when instantiating an object in the prompt_dismiss_notice action, and also lacks a CSRF check in that action. This could allow any authenticated user, such as a subscriber, to perform Object Injection attacks. The attack could also be carried out via a CSRF vector against any authenticated user.

References (1)

Core References (1)
Tags: Exploit, Third Party Advisory (exploit, vdb-entry, technical-description)
https://wpscan.com/vulnerability/095cba08-7edd-41fb-9776-da151c0885dd

Scores

CVSS v3 8.8
EPSS 0.0051
EPSS Percentile 39.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-352
Status published
Products (1)
gopostmatic/replyable < 2.2.10
Published Mar 06, 2023
Tracked Since Feb 18, 2026