CVE-2022-4324
Published 2023-01-02
CVE-2022-4324: The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injections issues when a…
Priority P351 · high · 7.2 · CVSS 3.1
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 17.69% (96.8th percentile)
The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injection issues when a high-privilege user imports (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpgogo | custom_field_template | < 2.5.8 | 2.5.8 |
CVSS provenance
nvd · v3.1 · 7.2 HIGH · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cisa · 7.8 HIGH
GHSA
GHSA-482p-fj3c-xcw8: The Custom Field Template WordPress plugin before 2
ghsa_unreviewed·2023-01-03
CVE-2022-4324 [HIGH] CWE-502 GHSA-482p-fj3c-xcw8: The Custom Field Template WordPress plugin before 2
The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injection issues when a high-privilege user imports (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog.
CISA
Adobe Acrobat and Reader Use-After-Free Vulnerability
cisa·2022-06-08·CVSS 7.8
CVE-2009-4324 [HIGH] CWE-399 Adobe Acrobat and Reader Use-After-Free Vulnerability
Vulnerability: Adobe Acrobat and Reader Use-After-Free Vulnerability
Affected: Adobe Acrobat and Reader
Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2009-4324
Remediation Due Date: 2022-06-22
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-01-02