Ocean Extra, CVE-2022-3374

CVE, Research URL: CVE-2022-3374
Home page URL: Security reports for Ocean Extra
Application: Ocean Extra
Published on: Oct 31, 2022
Research Description: The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog.
Affected versions: Min -, max 2.1.2.
Status: vulnerable