CVE-2022-45083 MEDIUM

CVE-2022-45083: WordPress ProfilePress Plugin <= 4.3.2 is vulnerable to PHP Object Injection

Vendor Profilepress Membership Team
Product Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
Weakness CWE-502 · Unsafe deserialization
Published January 19, 2024
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

6.6/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.3.2.

Key dates

02Disclosure timeline

January 19, 2024 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-34838 Group-Office: Authenticated Remote Code Execution via PHP Insecure Deserialization in `AbstractSettingsCollection` CVE-2026-32512 WordPress Pelicula theme < 1.10 - PHP Object Injection vulnerability CVE-2025-49380 WordPress WooCommerce Vehicle Parts Finder plugin <= 3.7 - PHP Object Injection vulnerability CVE-2020-36726 Ultimate Reviews < 2.1.33 - PHP Object Injection CVE-2024-30224 WordPress WholesaleX plugin <= 1.3.2 - Unauthenticated PHP Object Injection vulnerability