5 matches found
CVE-2023-1347
The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2023-1347 Customizer Export/Import < 0.9.6 - Admin+ PHP Object Injection
The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2023-1347
CVE-2023-1347 affects the WordPress plugin Customizer Export/Import (versions before 0.9.6). The issue arises from unserializing user input in settings, enabling PHP Object Injection when a suitable gadget is present. Exploitation requires admin-level privileges, with a high impact as documented....
CVE-2023-1347 Customizer Export/Import < 0.9.6 - Admin+ PHP Object Injection
The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
WordPress Customizer Export/Import Plugin < 0.9.6 is vulnerable to PHP Object Injection
Software Customizer Export/Import Type Plugin Vulnerable versions 0.9.6 Fixed in 0.9.6 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-1347 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID 014e99d7d277 Credits Nguyen Huu Do Required privilege...