3 matches found
CVE-2022-2440
The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'imagesarray' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserializ...
CVE-2022-2440 Theme Editor <= 2.8 - Authenticated (Admin+) PHAR Deserialization
The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'imagesarray' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserializ...
WordPress Theme Editor Plugin <= 2.8 is vulnerable to PHP Object Injection
Software Theme Editor Type Plugin Vulnerable versions = 2.8 Fixed in 2.9 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2022-2440 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID b13ac324d817 Credits Rasoul Jahanshahi Required privilege Administrator...