CVE-2022-2446

7.2 HIGH

📋 TL;DR

This vulnerability in the WP Editor WordPress plugin allows authenticated attackers with administrative privileges to execute arbitrary PHP code via deserialization of untrusted input. It affects WordPress sites using WP Editor versions up to 1.2.9, requiring the attacker to upload a malicious file and have a POP chain present for exploitation.

💻 Affected Systems

Products:
  • WP Editor WordPress plugin
Versions: Up to and including 1.2.9
Operating Systems: All OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with WP Editor plugin enabled and administrative user access.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full server compromise leading to data theft, ransomware deployment, or website defacement.

🟠 Likely Case: Unauthorized code execution allowing backdoor installation, data exfiltration, or privilege escalation.

🟢 If Mitigated: Limited impact if administrative access is restricted and file uploads are controlled.

🌐 Internet-Facing: HIGH, as WordPress sites are typically internet-facing and administrative accounts may be targeted.
🏢 Internal Only: MEDIUM, as it requires administrative privileges, reducing risk from internal threats.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires administrative access, file upload capability, and a POP chain, making it moderately complex.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3.0 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3151053/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find WP Editor and update to version 1.3.0 or later.
4. Verify that the update completes successfully.

🔧 Temporary Workarounds

Disable WP Editor Plugin (applies to: all platforms)

Temporarily deactivate the plugin to mitigate risk until patching.

wp plugin deactivate wp-editor

Restrict File Uploads (applies to: all platforms)

Limit file upload capabilities for administrative users to prevent payload delivery.

🧯 If You Can't Patch

  • Remove administrative privileges from untrusted users to reduce attack surface.
  • Implement web application firewall (WAF) rules to block deserialization attempts and PHAR wrapper usage.

🔍 How to Verify

Check if Vulnerable:

Check WP Editor plugin version in WordPress admin under Plugins > Installed Plugins; if version is 1.2.9 or lower, it is vulnerable.

Check Version:

wp plugin get wp-editor --field=version

Verify Fix Applied:

Confirm WP Editor plugin version is 1.3.0 or higher after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to WordPress media library
  • PHP errors related to deserialization or PHAR usage in web server logs

Network Indicators:

  • HTTP requests containing 'current_theme_root' parameter with PHAR wrapper data

SIEM Query:

source="web_logs" AND ("current_theme_root" OR "phar://")
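As an added example (not part of this advisory), a small Python checker that covers the version test and the network indicator above. It parses the query string and URL-decodes the value, so URL-encoded or double-encoded phar:// wrappers that the plain SIEM string match would miss are still flagged. The log lines are constructed, the request path in them is a placeholder, and only GET query strings are assumed visible in access logs.

```python
"""Check a WP Editor version against the 1.3.0 fix and scan access-log lines
for the CVE-2022-2446 network indicator (current_theme_root carrying phar://).
Assumption: Combined Log Format; POST bodies are not visible in access logs."""
import re
from urllib.parse import urlsplit, parse_qs, unquote

FIXED_VERSION = (1, 3, 0)  # first fixed release named in the advisory
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def parse_version(version):
    # Assumes purely numeric dotted versions such as "1.2.9"
    return tuple(int(part) for part in version.strip().split("."))


def is_vulnerable_version(version):
    """True for WP Editor <= 1.2.9, i.e. anything below the 1.3.0 fix."""
    return parse_version(version) < FIXED_VERSION


def phar_in_theme_root(target):
    """Return the decoded current_theme_root value if it uses a phar:// wrapper."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for raw in params.get("current_theme_root", []):
        value = unquote(raw)  # parse_qs decoded once; decode again for double-encoding
        if value.lower().startswith("phar://"):
            return value
    return None


def find_phar_indicators(log_lines):
    """Return one record per log line whose request matches the indicator."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        value = phar_in_theme_root(match.group("target"))
        if value is not None:
            hits.append({"client": line.split()[0],
                         "method": match.group("method"), "value": value})
    return hits


# Constructed sample log lines; the admin path is a placeholder, not the plugin's real endpoint.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Aug/2022:10:00:00 +0000] "GET /wp-admin/admin.php?page=PLACEHOLDER&current_theme_root=phar%3A%2F%2Fexample HTTP/1.1" 200 512 "-" "UA"',
    '203.0.113.6 - - [01/Aug/2022:10:00:01 +0000] "GET /wp-admin/admin.php?page=PLACEHOLDER&current_theme_root=%2Fvar%2Fwww%2Fhtml%2Fwp-content%2Fthemes HTTP/1.1" 200 512 "-" "UA"',
    '203.0.113.7 - - [01/Aug/2022:10:00:02 +0000] "GET /wp-admin/admin.php?page=PLACEHOLDER&current_theme_root=PHAR%253A%252F%252Fexample HTTP/1.1" 200 512 "-" "UA"',
    '203.0.113.8 - - [01/Aug/2022:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 200 512 "-" "UA"',
]

if __name__ == "__main__":
    print("1.2.9 vulnerable:", is_vulnerable_version("1.2.9"))
    for hit in find_phar_indicators(SAMPLE_LOG):
        print(hit)
```

The second sample line shows a legitimate filesystem path in the same parameter, which the checker leaves alone; the SIEM query above would match it on the parameter name alone.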
