Description
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Remediation
References
Related Vulnerabilities
WordPress Plugin Product Addons & Fields for WooCommerce Same Origin Method Execution (SOME) (14.0)
WordPress 4.3.x Cross-Site Scripting Vulnerability (4.3 - 4.3.1)
Envoy Proxy Reachable Assertion Vulnerability (CVE-2022-29228)
WordPress Plugin uTubeVideo Gallery Unspecified Vulnerability (2.0.6)
WordPress Plugin Flat Preloader Cross-Site Scripting (1.5.4)