cleantalk
Vulnerabilities and Security Researches

PublishPress Capabilities – User Role Editor, Access Permissions, Admin Menus, CVE-2022-3366

CVE, Research URL

CVE-2022-3366

Home page URL

Security reports for PublishPress Capabilities – User Role Editor, Access Permissions, Admin Menus

Application

PublishPress Capabilities – User Role Editor, Access Permissions, Admin Menus

Published on
Oct 31, 2022
Research Description
The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site.
Affected versions
max 1.5.9.
Status
vulnerable
Previous vulnerability researches
PublishPress Capabilities – User Role Editor, Access Permissions, Admin Menus (CVE-2026-32394) , Mar 30, 2026
PublishPress Capabilities – User Role Editor, Access Permissions, Admin Menus (CVE-2022-3366) , Jun 07, 2024
PublishPress Capabilities – User Role Editor, Access Permissions, Admin Menus (CVE-2021-25032) , Jun 07, 2024
New vulnerability
PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes (CVE-2026-32539) , Mar 30, 2026
Kargo Takip (CVE-2026-25365) , Mar 30, 2026
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) (CVE-2026-32429) , Mar 30, 2026
Pochipp (CVE-2026-32417) , Mar 30, 2026
Contact Manager (CVE-2026-32517) , Mar 30, 2026