3587 matches found
CVE-2022-3334
Summary: CVE-2022-3334 affects the WordPress plugin Easy WP SMTP, versions
CVE-2022-3360 LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leading to remote code execution (RCE). To successfully exploit this vulnerability attackers...
PT-2022-21871 · WordPress · Customizer Export/Import
Name of the Vulnerable Software and Affected Versions: Customizer Export/Import WordPress plugin versions prior to 0.9.5 Description: The issue arises from the plugin unserializing the content of an imported file, potentially leading to PHP object injection issues when a malicious file is importe...
CVE-2022-3380 Customizer Export/Import < 0.9.5 - Admin+ PHP Object Injection
The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports, intentionally or not, a malicious file and a suitable gadget chain is present on the blog...
CVE-2022-3357 Smart Slider 3 < 3.5.1.11 - PHP Object Injection
The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user imports, intentionally or not, a malicious file, and a suitable gadget chain is present on the site...
PT-2022-21773 · WordPress · Easy Wp Smtp
Name of the Vulnerable Software and Affected Versions: Easy WP SMTP WordPress plugin versions prior to 1.5.0 Description: The issue arises from the unserialization of the content of an imported file, potentially leading to a PHP object injection issue. This can occur when an admin imports a...
WordPress plugin PublishPress Capabilities code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
CVE-2022-3366
The CVE concerns the WordPress plugins PublishPress Capabilities (before 2.5.2) and PublishPress Capabilities Pro (before 2.5.2). The issue is a PHP object injection risk arising from unserializing the content of imported files in multisite configurations, as described in the CVE entry. Exploitat...
WordPress plugin Ocean Extra code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
CVE-2022-3374
CVE-2022-3374 affects the WordPress Ocean Extra plugin prior to version 2.0.5. The issue is insecure deserialization: when importing a malicious Customizer Styling file, the plugin may unserialize the import content, potentially enabling PHP object injections if a high-privilege user imports such...
CVE-2022-3334 Easy WP SMTP < 1.5.0 - Admin+ PHP Object Injection
The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to a PHP object injection issue when an admin imports, intentionally or not, a malicious file and a suitable gadget chain is present on the blog...
EUVD-2022-42743
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leading to remote code execution (RCE). To successfully exploit this vulnerability attackers...
CVE-2022-3357
The CVE concerns the WordPress Smart Slider 3 plugin (versions
CVE-2022-3374 Ocean Extra < 2.0.5 - Admin+ PHP Object Injection
The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injection issues when a high-privilege user imports, intentionally or not, a malicious Customizer Styling file and a suitable gadget chain is present on the blog...
CVE-2022-3366 PublishPress Capabilities < 2.5.2 - Admin+ PHP Object Injection
The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation i...
PT-2022-21796 · Publishpress · Publishpress Capabilities Pro
Name of the Vulnerable Software and Affected Versions: PublishPress Capabilities WordPress plugin versions prior to 2.5.2 PublishPress Capabilities Pro WordPress plugin versions prior to 2.5.2 Description: The issue allows PHP object injection attacks by administrators on multisite WordPress...
CVE-2022-3335
The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports, intentionally or not, a malicious file and a suitable gadget chain is present on the blog...