CVE-2022-4265

8.8 HIGH

📋 TL;DR

The Replyable WordPress plugin before version 2.2.10 unserializes user-controlled input in its prompt_dismiss_notice AJAX action without validation, a PHP object injection (CWE-502) flaw. Any authenticated user, down to the subscriber role, can trigger it, and the same request can also be triggered through CSRF against a logged-in user. Object injection by itself only instantiates attacker-chosen classes; arbitrary code execution, file tampering or other malicious actions follow when a usable gadget chain exists in WordPress core, the active theme or another installed plugin.

💻 Affected Systems

Products:
  • Replyable WordPress Plugin
Versions: All versions before 2.2.10
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a WordPress installation with the Replyable plugin active. Any authenticated user, including subscribers, can exploit it directly; through CSRF, the victim only needs to be logged in to the site.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full site compromise: with a usable gadget chain in the installed code, the injected object leads to remote code execution, data theft, or complete administrative takeover of the WordPress installation.

🟠 Likely Case

Code execution through an existing gadget chain, leading to backdoor installation, data exfiltration, or privilege escalation from a subscriber account to administrator.

🟢 If Mitigated

Limited impact where the plugin is updated or deactivated, open registration is closed, and WAF rules plus monitoring detect and block attempts against the affected AJAX action.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an authenticated session (subscriber level is enough) but can also be reached through CSRF by luring a logged-in user to an attacker-controlled page. Proof-of-concept details are publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.2.10

Vendor Advisory: https://wpscan.com/vulnerability/095cba08-7edd-41fb-9776-da151c0885dd

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Replyable plugin and update it to version 2.2.10 or later.
4. Verify that the update completed successfully and the listed version is 2.2.10 or higher.

🔧 Temporary Workarounds

Disable Replyable Plugin (platform: all)

Temporarily deactivate the vulnerable plugin until patching is possible. The slug below is an assumption; confirm it with wp plugin list and substitute the slug shown there if it differs.

wp plugin deactivate replyable

Restrict User Registration (platform: all)

Disable new user registration to limit the pool of potential attackers. This does not protect against existing low-privilege accounts, and it does not stop CSRF against users who are already logged in.

Settings → General → Membership: Uncheck 'Anyone can register'

🧯 If You Can't Patch

  • Add a WAF rule that blocks requests to /wp-admin/admin-ajax.php carrying action=prompt_dismiss_notice, or at least rejects any parameter on that request whose decoded value contains a PHP serialized-object marker such as O:<n>:" or C:<n>:" (confirm that blocking the action only breaks the plugin's notice dismissal, nothing else)
  • Review existing accounts, remove unused subscriber-level accounts, and alert on admin-ajax.php requests from low-privilege users that carry serialized data

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins → Replyable version number; any version below 2.2.10 is vulnerable

Check Version:

wp plugin list --name=replyable --field=version

Verify Fix Applied:

Confirm Replyable plugin version is 2.2.10 or higher in WordPress admin

📡 Detection & Monitoring

Log Indicators:

  • POST (or GET) requests to /wp-admin/admin-ajax.php with action=prompt_dismiss_notice whose parameters carry PHP serialization markers (O:<n>:"ClassName" or C:<n>:"ClassName") or class names the plugin has no reason to receive
  • PHP error-log entries from unserialize(), such as "unserialize(): Error at offset", or objects of class __PHP_Incomplete_Class, both of which appear when a malformed or unknown-class payload is fed to unserialize()

Network Indicators:

  • HTTP requests whose query string or body contains URL-encoded serialized objects (O%3A or C%3A followed by a length and %22)
  • admin-ajax.php requests from a logged-in session whose Referer or Origin header points to a foreign site, the pattern left by a CSRF lure page

SIEM Query:

source="wordpress.log" AND "admin-ajax.php" AND "prompt_dismiss_notice" AND ("O:" OR "O%3A" OR "C:" OR "C%3A")

Caveat: web-server access logs normally record only the query string, not the POST body, so a body-borne payload is invisible to this query unless request bodies are logged (for example by a WAF or through nginx's $request_body).
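As an added example (not part of the original advisory and not code from the Replyable plugin), the following Python script applies the log indicators above to constructed access-log lines: it merges query-string and body parameters the way WordPress's $_REQUEST does, flags values containing a PHP serialized-object marker, and flags requests with a missing or foreign Referer. It assumes a combined log format with one extra trailing field holding the URL-encoded POST body, which a stock web server does not log (nginx's $request_body or a WAF log would have to supply it), and the class name Evil_Obj in the sample payload is a placeholder, not a known gadget.

```python
"""Scan web-server access logs for CVE-2022-4265 indicators: admin-ajax.php
requests using the prompt_dismiss_notice action that carry serialized PHP
objects, or that look cross-site (possible CSRF).

Added example for this advisory; not code from the Replyable plugin."""
import re
from urllib.parse import parse_qs, urlsplit

# Combined log format plus one extra trailing quoted field with the URL-encoded
# POST body ("-" when absent). Assumption: stock Apache/nginx do not log bodies;
# nginx's $request_body or a WAF log would have to provide that field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)" "(?P<body>[^"]*)"$'
)

# PHP serialized object marker: O:<len>:"Class" or C:<len>:"Class", either at
# the start of a value or nested after ';' or '{' inside a serialized array.
SERIALIZED_OBJECT_RE = re.compile(r'(?:^|[;{])[OC]:\d+:"')

AJAX_PATH = "/wp-admin/admin-ajax.php"
SUSPECT_ACTION = "prompt_dismiss_notice"

# Constructed sample traffic (not real logs). "Evil_Obj" is a placeholder class
# name, not a known gadget. Line 2: body payload sent from a foreign Referer
# (CSRF lure); line 3: payload in the query string from a scripted client;
# lines 1 and 4 are benign.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Dec/2022:10:00:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 17 "https://blog.example.com/wp-admin/" "Mozilla/5.0" "action=prompt_dismiss_notice&notice=welcome"
10.0.0.9 - - [01/Dec/2022:10:00:07 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 17 "https://attacker.example.net/lure.html" "Mozilla/5.0" "action=prompt_dismiss_notice&notice=O%3A8%3A%22Evil_Obj%22%3A1%3A%7Bs%3A3%3A%22cmd%22%3Bs%3A2%3A%22id%22%3B%7D"
10.0.0.9 - - [01/Dec/2022:10:00:09 +0000] "POST /wp-admin/admin-ajax.php?action=prompt_dismiss_notice&notice=a%3A1%3A%7Bi%3A0%3BO%3A8%3A%22Evil_Obj%22%3A0%3A%7B%7D%7D HTTP/1.1" 200 17 "-" "curl/7.85.0" "-"
10.0.0.5 - - [01/Dec/2022:10:00:12 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 5 "https://blog.example.com/" "Mozilla/5.0" "action=heartbeat&_nonce=abcd"
"""


def analyze_line(line, site_host):
    """Return a finding dict for a prompt_dismiss_notice request, None otherwise.

    'reasons' is empty for a request that looks like a normal notice dismissal
    and non-empty when at least one indicator fired."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = urlsplit(m["target"])
    if not target.path.endswith(AJAX_PATH):
        return None
    # Merge query-string and body parameters; WordPress reads both ($_REQUEST).
    params = parse_qs(target.query, keep_blank_values=True)
    if m["body"] not in ("", "-"):
        for key, values in parse_qs(m["body"], keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    if SUSPECT_ACTION not in params.get("action", []):
        return None

    reasons = []
    for key, values in params.items():
        for value in values:  # parse_qs has already percent-decoded the values
            if SERIALIZED_OBJECT_RE.search(value):
                reasons.append(f"serialized PHP object in parameter {key!r}")
    referer = m["referer"]
    if referer in ("", "-"):
        reasons.append("no Referer on an admin-ajax request (scripted client)")
    else:
        ref_host = urlsplit(referer).hostname
        if ref_host != site_host:
            reasons.append(f"cross-site Referer {ref_host!r} (possible CSRF)")
    return {"ip": m["ip"], "ts": m["ts"], "referer": referer, "reasons": reasons}


def scan_log(text, site_host):
    """Return the findings (requests with at least one indicator) for a whole log."""
    findings = []
    for line in text.splitlines():
        finding = analyze_line(line, site_host)
        if finding and finding["reasons"]:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG, "blog.example.com"):
        print(f"{f['ts']} {f['ip']}: " + "; ".join(f["reasons"]))
```

Run against the constructed sample with site host blog.example.com, the script reports only lines 2 and 3: the first for a serialized object plus a cross-site Referer, the second for a serialized object in the query string plus a missing Referer. The benign dismissal on line 1 and the unrelated heartbeat on line 4 produce nothing. Missing Referer is a weak signal on its own (privacy settings strip it), so treat it as corroboration for the serialization marker rather than an alert by itself.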

🔗 References
