CVE-2022-3374

🗓️ 31 Oct 2022 00:00:00Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 97 Views🌐 WEB

The Ocean Extra WordPress plugin before 2.0.5 allows PHP object injection via unserializing imported files

Reporter	Title	Published	Views	Family All 16
Circl	CVE-2022-3374	31 Oct 202219:38	–	circl
CNNVD	WordPress plugin Ocean Extra 代码问题漏洞	31 Oct 202200:00	–	cnnvd
Cvelist	CVE-2022-3374 Ocean Extra < 2.0.5 - Admin+ PHP Objection Injection	31 Oct 202200:00	–	cvelist
EUVD	EUVD-2022-42753	3 Oct 202520:07	–	euvd
Fedora	[SECURITY] Fedora 36 Update: xen-4.16.1-5.fc36	13 Jul 202202:00	–	fedora
NVD	CVE-2022-3374	31 Oct 202216:15	–	nvd
OpenVAS	WordPress Ocean Extra Plugin < 2.0.5 PHP Objection Injection Vulnerability	7 Nov 202200:00	–	openvas
OpenVAS	Fedora: Security Advisory for xen (FEDORA-2022-c4ec706488)	14 Jul 202200:00	–	openvas
Patchstack	WordPress Ocean Extra plugin <= 2.0.4 - Auth. PHP Objection Injection vulnerability	10 Oct 202200:00	–	patchstack
Prion	Design/Logic Flaw	31 Oct 202216:15	–	prion

NVD

Vulners

Node

oceanwp ocean_extraRange<2.0.5wordpress

[
  {
    "vendor": "Unknown",
    "product": "Ocean Extra",
    "versions": [
      {
        "version": "2.0.5",
        "status": "affected",
        "lessThan": "2.0.5",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/22fd3f28-9036-4bd5-ad98-ff78bd1b51bc

Parameter	Position	Path	Description	CWE
file	binary	/wp-admin/admin-ajax.php?_fs_blog_admin=true	Deserialization of uploaded file content leading to PHP object injection (gadget chain) via Import Customizer Styling feature	CWE-502

06 May 2025 21:15Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.17.2

EPSS0.00908

SSVC

CWE-502