Описание
The Shortcodes and extra features for Phlox theme WordPress plugin before 2.10.7 unserializes the content of an imported file, which could lead to PHP object injection when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.10.7 (исключая)
cpe:2.3:a:averta:shortcodes_and_extra_features_for_phlox_theme:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 73%
0.00755
Низкий
8.8 High
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 8.8
github
около 3 лет назад
The Shortcodes and extra features for Phlox WordPress plugin through 2.10.5 unserializes the content of an imported file, which could lead to PHP object injection when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
EPSS
Процентиль: 73%
0.00755
Низкий
8.8 High
CVSS3