CVE-2022-3882 in Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin Plugin
Summary
by MITRE • 12/12/2022
The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin before 2.46 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and install and activate arbitrary plugins from wordpress.org
Analysis
by VulDB Data Team • 04/23/2025
CVE-2022-3882 affects the Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin in versions before 2.46 (2.45 and earlier). The flaw lies in the plugin's handling of one AJAX action: the handler performs an administrative operation, plugin installation and activation, without verifying that the caller is permitted to do so. That sidesteps WordPress's role and capability model and gives any low-privileged account a path to privilege escalation.
Technically, the affected action is an AJAX handler reachable only by logged-in users (the wp_ajax_ hook) but by every logged-in user: WordPress itself only checks that a session exists, and the plugin's handler adds neither a capability check (for example current_user_can('install_plugins')) nor nonce verification (check_ajax_referer). It therefore has no authorization check and no Cross-Site Request Forgery protection. Any authenticated account, whatever its role, can invoke it, so a subscriber, the lowest default role, can trigger an operation normally reserved for administrators. The missing nonce additionally lets a third-party page submit the request through the browser of a logged-in victim. The flaw is classified under CWE-352 (Cross-Site Request Forgery) and also exhibits CWE-285 (Improper Authorization).
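The following is an added example, not the affected plugin's code, that shows the two missing checks described above. It is a generic WordPress AJAX action that installs and activates a plugin from wordpress.org, first in the vulnerable shape the advisory describes and then hardened with a capability check and a nonce. The hook names (demo_install_plugin, demo_install_plugin_fixed), the nonce action name and the helper function names are assumptions made for the example.

```php
<?php
/*
 * Added example (not the plugin's code). Hook names, nonce action and
 * helper names are assumed for illustration.
 */

// A wp_ajax_* hook is reachable only by logged-in users, but by ALL of
// them, including subscribers; there is deliberately no wp_ajax_nopriv_.
add_action( 'wp_ajax_demo_install_plugin', 'demo_install_plugin_vulnerable' );

function demo_install_plugin_vulnerable() {
    // VULNERABLE: no capability check and no nonce, so any subscriber (or a
    // CSRF page loaded in an administrator's browser) can install any slug.
    $slug = isset( $_POST['slug'] ) ? sanitize_key( wp_unslash( $_POST['slug'] ) ) : '';
    demo_do_install_and_activate( $slug );
}

// Hardened handler: authorization first, then CSRF protection.
add_action( 'wp_ajax_demo_install_plugin_fixed', 'demo_install_plugin_fixed' );

function demo_install_plugin_fixed() {
    // Authorization: require the capabilities core demands on the
    // "Add Plugins" screen. This is the check that stops subscribers.
    if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'activate_plugins' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }
    // CSRF: the request must carry a nonce minted for this action. This stops
    // a foreign page from riding an admin's session; on failure
    // check_ajax_referer() terminates the request with -1.
    check_ajax_referer( 'demo_install_plugin', 'nonce' );

    $slug = isset( $_POST['slug'] ) ? sanitize_key( wp_unslash( $_POST['slug'] ) ) : '';
    demo_do_install_and_activate( $slug );
}

// Shared install logic; must only be reached after the checks above.
function demo_do_install_and_activate( $slug ) {
    if ( '' === $slug ) {
        wp_send_json_error( 'missing slug', 400 );
    }
    require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    require_once ABSPATH . 'wp-admin/includes/plugin.php';
    require_once ABSPATH . 'wp-admin/includes/file.php';

    // Resolve the slug to a download URL on wordpress.org.
    $api = plugins_api( 'plugin_information', array( 'slug' => $slug, 'fields' => array( 'sections' => false ) ) );
    if ( is_wp_error( $api ) ) {
        wp_send_json_error( $api->get_error_message(), 404 );
    }

    // Download, unpack into wp-content/plugins and record the main file.
    $upgrader  = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $installed = $upgrader->install( $api->download_link );
    if ( is_wp_error( $installed ) || ! $installed ) {
        wp_send_json_error( 'install failed', 500 );
    }

    $plugin_file = $upgrader->plugin_info(); // e.g. "slug/slug.php"
    $activated   = activate_plugin( $plugin_file );
    if ( is_wp_error( $activated ) ) {
        wp_send_json_error( $activated->get_error_message(), 500 );
    }
    wp_send_json_success( array( 'plugin' => $plugin_file ) );
}

// The legitimate admin page hands the nonce to its script, so only requests
// that originate from that page carry a valid token.
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'jquery', 'demoInstall', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'demo_install_plugin' ),
    ) );
} );
```

Both checks are needed, and they address different attackers. The capability check is the authorization fix: a nonce alone would not keep a subscriber out, because a nonce is tied to the session of whoever loads the page that emits it, and a subscriber who can reach such a page obtains a valid one. The nonce is the CSRF fix: it keeps a page on another origin from submitting the request through an administrator's logged-in browser. Omitting either leaves one of the two CWEs on this entry in place.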
The operational impact goes beyond the AJAX action itself because the operation it exposes is arbitrary plugin installation and activation from the official WordPress.org repository. Plugins in the repository are reviewed and are not malicious as such, but the catalogue is large and includes plugins with known vulnerabilities, abandoned plugins, and plugins whose normal features (file management, code snippets, uploads) are dangerous when they can be installed by someone who should not be able to. An attacker holding any authenticated account can therefore pick a plugin that gives them a further foothold and use it to execute code, plant a backdoor, or escalate to an administrator account, bypassing the controls WordPress normally places in front of plugin installation. The attack surface is broad: subscriber accounts are often obtainable through open registration and are monitored far less closely than administrator accounts.
Mitigation starts with updating to version 2.46 or later, where the authorization and CSRF checks are in place; because the bug needs nothing more than a subscriber-level login, the update should be applied promptly. Administrators should also check for signs of abuse: compare the installed and active plugin list (or the contents of wp-content/plugins) against what was deliberately installed, and review web server logs for POST requests to /wp-admin/admin-ajax.php from low-privileged accounts. Reducing the pool of authenticated users helps as well: disable open registration (users_can_register) where it is not needed, keep the default role minimal, and audit existing accounts and roles regularly. A web application firewall adds a further layer against the same class of authorization bypass but is not a substitute for the fix. The broader lesson is that in WordPress plugins every privileged action reachable over AJAX must enforce both a capability check and a nonce; the absence of either is a security bug, not a style issue. In ATT&CK terms the flaw falls under Privilege Escalation, where an adversary exploits weak access controls to obtain permissions beyond those granted to the account they hold.
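As an added example of the detection side of the mitigation above (not code from the plugin or from VulDB), the following must-use plugin records every plugin installation and activation together with the acting user and flags events carried out by an account that lacks the capability WordPress core would require. It keys off core's own hooks rather than the vulnerable plugin's action name, so it also surfaces other plugins with the same class of bug. The file path (wp-content/mu-plugins/demo-plugin-install-audit.php), the log prefix and the function name are assumptions for the example.

```php
<?php
/*
 * Added example (not the plugin's code): wp-content/mu-plugins/demo-plugin-install-audit.php
 * (assumed path). Logs plugin install/activate events and flags ones done
 * by a user without the capability core requires for that operation.
 */

// Fires after any WP_Upgrader run (core, theme or plugin; install or update).
add_action( 'upgrader_process_complete', function ( $upgrader, $hook_extra ) {
    if ( empty( $hook_extra['type'] ) || 'plugin' !== $hook_extra['type'] ) {
        return;
    }
    $what   = isset( $hook_extra['action'] ) ? $hook_extra['action'] : 'unknown';
    $plugin = method_exists( $upgrader, 'plugin_info' ) ? (string) $upgrader->plugin_info() : '';
    demo_audit_plugin_event( 'plugin_' . $what, $plugin, 'install_plugins' );
}, 10, 2 );

// Fires after a plugin has been activated.
add_action( 'activated_plugin', function ( $plugin ) {
    demo_audit_plugin_event( 'plugin_activate', $plugin, 'activate_plugins' );
}, 10, 1 );

function demo_audit_plugin_event( $event, $plugin, $required_cap ) {
    $user = wp_get_current_user();

    // Unattended contexts (WP-CLI, cron-driven auto-updates) run with no
    // user; do not flag those as bypasses.
    $unattended = ( defined( 'WP_CLI' ) && WP_CLI ) || wp_doing_cron();

    $entry = array(
        'time'       => gmdate( 'c' ),
        'event'      => $event,
        'plugin'     => $plugin,
        'user_id'    => $user->ID,
        'user_login' => $user->user_login,
        'roles'      => $user->roles,
        'ip'         => isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '',
        'uri'        => isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '',
        // The AJAX action that triggered the change, if any; this is the
        // value to search for when tracing which plugin's handler was abused.
        'action'     => isset( $_REQUEST['action'] ) ? sanitize_key( $_REQUEST['action'] ) : '',
        'unattended' => $unattended,
    );

    // A plugin install or activation performed in a web request by a user who
    // cannot legitimately do it is the signature of an authorization bypass
    // such as CVE-2022-3882.
    $entry['suspicious'] = $unattended ? false : ! user_can( $user, $required_cap );

    // One JSON line per event in the PHP error log (debug.log when
    // WP_DEBUG_LOG is on), easy to ship to a SIEM.
    error_log( 'plugin-audit ' . wp_json_encode( $entry ) );

    if ( $entry['suspicious'] ) {
        wp_mail(
            get_option( 'admin_email' ),
            'Plugin change by unprivileged user',
            wp_json_encode( $entry, JSON_PRETTY_PRINT )
        );
    }
}
```

A line whose suspicious field is true and whose action field names a third-party plugin's AJAX action is exactly the trace this vulnerability would leave. Because the handler hooks core events after the fact, it detects rather than prevents; the fix remains updating the plugin.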