2 matches found
CVE-2022-4324 Custom Field Template < 2.5.8 - Admin+ PHP Object Injection
The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import intentionally or not a malicious Customizer Styling file and a suitable gadget chain is present on the blog...
CVE-2022-4324
The vulnerability CVE-2022-4324 affects the WordPress plugin Custom Field Template prior to version 2.5.8 . The issue arises from unserialising the content of an imported file, which can enable PHP object injection when a high-privilege user imports a malicious Customizer Styling file and a suita...