Rewterz Threat Advisory – CVE-2022-3154 – Shortcodes Ultimate plugins for WordPress Vulnerability

Rewterz Threat Alert – APT Group Gamaredon – Active IOCs

November 7, 2022

Rewterz Threat Alert – AveMaria RAT – Active IOCs

November 7, 2022

Rewterz Threat Advisory – CVE-2022-3154 – Shortcodes Ultimate plugins for WordPress Vulnerability

Severity

Medium

Analysis Summary

CVE-2022-3154

Shortcodes Ultimate plugins for WordPress are vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform preset settings change. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

Impact

Gain Access

Indicators Of Compromise

CVE

CVE-2022-3154

Affected Vendors

WordPress

Affected Products

Shortcodes Ultimate Plugin for WordPress 5.12.0

Remediation

Refer to WordPress Plugin Website for patch, upgrade or suggested workaround information.

WordPress Plugin Website

Rewterz Threat Alert – APT Group Gamaredon – Active IOCs

Rewterz Threat Alert – AveMaria RAT – Active IOCs

Rewterz Threat Advisory – CVE-2022-3154 – Shortcodes Ultimate plugins for WordPress Vulnerability

Severity

Analysis Summary

Impact

Indicators Of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan