Vulnerability CVE-2022-4324


Published: 2023-01-02

Description:
The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog.

Type:

CWE-502

(Deserialization of Untrusted Data)

 References:
https://wpscan.com/vulnerability/70c39236-f7ae-49bf-a2f0-7cb9aa983e45

Copyright 2026, cxsecurity.com

 

Back to Top