4 matches found
CVE-2022-3374
The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import intentionally or not a malicious Customizer Styling file and a suitable gadget chain is present on the blog...
CVE-2022-3374 Ocean Extra < 2.0.5 - Admin+ PHP Objection Injection
The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import intentionally or not a malicious Customizer Styling file and a suitable gadget chain is present on the blog...
CVE-2022-3374
CVE-2022-3374 affects the WordPress Ocean Extra plugin prior to version 2.0.5. The issue is insecure deserialization: when importing a malicious Customizer Styling file, the plugin may unserialize the import content, potentially enabling PHP object injections if a high-privilege user imports such...
CVE-2022-3374 Ocean Extra < 2.0.5 - Admin+ PHP Objection Injection
The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import intentionally or not a malicious Customizer Styling file and a suitable gadget chain is present on the blog...