Lucene search

K
cvelistWPScanCVELIST:CVE-2022-3374
HistoryOct 31, 2022 - 12:00 a.m.

CVE-2022-3374 Ocean Extra < 2.0.5 - Admin+ PHP Objection Injection

2022-10-3100:00:00
CWE-502
WPScan
www.cve.org

0.001 Low

EPSS

Percentile

42.9%

The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Ocean Extra",
    "versions": [
      {
        "version": "2.0.5",
        "status": "affected",
        "lessThan": "2.0.5",
        "versionType": "custom"
      }
    ]
  }
]

0.001 Low

EPSS

Percentile

42.9%