History: Dec 12, 2022 - 5:54 p.m.

CVE-2022-3359 Shortcodes and extra features for Phlox theme < 2.10.7 - PHP Object Injection

2022-12-12 17:54:32
WPScan
www.cve.org
cve-2022-3359
wordpress plugin
php object injection

AI Score: 9.1 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 57.2%)

The Shortcodes and extra features for Phlox theme WordPress plugin before 2.10.7 unserializes the content of an imported file, which could lead to PHP object injection when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Shortcodes and extra features for Phlox theme",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "2.10.7"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
