8 matches found
CVE-2022-4324 Custom Field Template < 2.5.8 - Admin+ PHP Object Injection
The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injection issues when a high-privilege user imports, intentionally or not, a malicious Customizer Styling file and a suitable gadget chain is present on the blog...
PT-2023-14183 · WordPress · Custom Field Template
Name of the Vulnerable Software and Affected Versions: Custom Field Template WordPress plugin versions prior to 2.5.8 Description: The issue arises from the unserialization of the content of an imported file, potentially leading to PHP object injections when a high-privilege user imports a...
CVE-2022-3374
The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injection issues when a high-privilege user imports, intentionally or not, a malicious Customizer Styling file and a suitable gadget chain is present on the blog...
Design/Logic Flaw
The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injection issues when a high-privilege user imports, intentionally or not, a malicious Customizer Styling file and a suitable gadget chain is present on the blog...
PT-2022-21856 · WordPress · Ocean Extra
Name of the Vulnerable Software and Affected Versions: Ocean Extra WordPress plugin versions prior to 2.0.5 Description: The issue arises from the unserialization of the content of an imported file, potentially leading to PHP object injections when a high-privilege user imports a malicious...
CVE-2022-3374
CVE-2022-3374 affects the WordPress Ocean Extra plugin prior to version 2.0.5. The issue is insecure deserialization: when importing a malicious Customizer Styling file, the plugin may unserialize the import content, potentially enabling PHP object injections if a high-privilege user imports such...
Ocean Extra < 2.0.5 - Admin+ PHP Object Injection
The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when a high-privilege user imports, intentionally or not, a malicious Customizer Styling file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following co...
Ocean Extra < 2.0.5 - Admin+ PHP Object Injection
The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when a high-privilege user imports, intentionally or not, a malicious Customizer Styling file and a suitable gadget chain is present on the blog. PoC To simulate a gadget chain, put the followin...