Описание
The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.5 (исключая)
cpe:2.3:a:oceanwp:ocean_extra:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 75%
0.00861
Низкий
7.2 High
CVSS3
Дефекты
CWE-502
Связанные уязвимости
CVSS3: 7.2
github
больше 3 лет назад
The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog.
EPSS
Процентиль: 75%
0.00861
Низкий
7.2 High
CVSS3
Дефекты
CWE-502