cve/2022/CVE-2022-4043.md

### [CVE-2022-4043](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4043)
![](https://img.shields.io/static/v1?label=Product&message=WP%20Custom%20Admin%20Interface&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)

### Description

The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.

### POC

#### Reference
- https://wpscan.com/vulnerability/ffff8c83-0a59-450a-9b40-c7f3af7205fc

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2022-4043](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4043)`
			`![](https://img.shields.io/static/v1?label=Product&message=WP%20Custom%20Admin%20Interface&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)`

			`### Description`

			`The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/ffff8c83-0a59-450a-9b40-c7f3af7205fc`

			`#### Github`
			`No PoCs found on GitHub currently.`