The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-10-31T00:00:00
Updated: 2024-08-03T01:07:06.554Z
Reserved: 2022-09-30T00:00:00
Link: CVE-2022-3380
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-10-31T16:15:11.460
Modified: 2024-11-21T07:19:24.550
Link: CVE-2022-3380
Redhat
No data.