| |
Vulnerability CVE-2022-4324
Published: 2023-01-02
| Description: |
The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog. |
Type:
CWE-502 (Deserialization of Untrusted Data)
References: |
https://wpscan.com/vulnerability/70c39236-f7ae-49bf-a2f0-7cb9aa983e45
|
|
|
closedb();
?>
Copyright 2026, cxsecurity.com
|
|
|