3718 matches found
CVE-2022-3380
The CVE-2022-3380 entry concerns the WordPress plugin Customizer Export/Import, affected versions prior to 0.9.5. The vulnerability arises from unserializing the content of an imported file, enabling PHP object injection if an admin imports a malicious file and a gadget chain is present on the bl...
WordPress plugin Ocean Extra code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
CVE-2022-3334
Summary: CVE-2022-3334 affects the WordPress plugin Easy WP SMTP, versions
CVE-2022-3334 Easy WP SMTP < 1.5.0 - Admin+ PHP Object Injection
The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to a PHP object injection issue when an admin imports, intentionally or not, a malicious file and a suitable gadget chain is present on the blog...
PT-2022-21773 · WordPress · Easy Wp Smtp
Name of the Vulnerable Software and Affected Versions: Easy WP SMTP WordPress plugin versions prior to 1.5.0. Description: The issue arises from the unserialization of the content of an imported file, potentially leading to a PHP object injection issue. This can occur when an admin imports a...
CVE-2022-3357 Smart Slider 3 < 3.5.1.11 - PHP Object Injection
The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user imports, intentionally or not, a malicious file and a suitable gadget chain is present on the site...
CVE-2022-3360 LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leading to remote code execution (RCE). To successfully exploit this vulnerability attackers...
CVE-2022-3366 PublishPress Capabilities < 2.5.2 - Admin+ PHP Object Injection
The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation i...
CVE-2022-3335
The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports, intentionally or not, a malicious file and a suitable gadget chain is present on the blog...
Design/Logic Flaw
The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports, intentionally or not, a malicious file and a suitable gadget chain is present on the blog...
CVE-2022-3335 Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Object Injection
The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports, intentionally or not, a malicious file and a suitable gadget chain is present on the blog...
WordPress plugin Kadence WooCommerce Email Designer code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
PT-2022-21774 · WordPress · Kadence Woocommerce Email Designer
Name of the Vulnerable Software and Affected Versions: Kadence WooCommerce Email Designer WordPress plugin versions prior to 1.5.7. Description: The issue arises from the unserialization of the content of an imported file, potentially leading to PHP object injections when an admin imports a...
WordPress Smart Slider 3 plugin <= 3.5.1.9 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Nguyen Duy Quoc Khanh in WordPress Smart Slider 3 plugin versions <= 3.5.1.9. Solution: Update the WordPress Smart Slider 3 plugin to the latest available version (at least 3.5.1.11)...
Ocean Extra < 2.0.5 - Admin+ PHP Object Injection
The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when a high-privilege user imports, intentionally or not, a malicious Customizer Styling file and a suitable gadget chain is present on the blog. PoC: To simulate a gadget chain, put the followin...
Smart Slider 3 < 3.5.1.11 - PHP Object Injection
The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when a user imports, intentionally or not, a malicious file and a suitable gadget chain is present on the site. To simulate a gadget chain, put the following code in a plugin class Evil public...
Smart Slider 3 < 3.5.1.11 - PHP Object Injection
The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when a user imports, intentionally or not, a malicious file and a suitable gadget chain is present on the site. PoC: To simulate a gadget chain, put the following code in a plugin class Evil publ...