The Shortcodes and extra features for Phlox theme WordPress plugin before 2.10.7 unserializes the content of an imported file, which could lead to PHP object injection when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
CPE | Name | Operator | Version |
---|---|---|---|
shortcodes_and_extra_features_for_phlox_theme | lt | 2.10.7 |