Fastlinemedia Customizer Export Import vulnerabilities
3 known vulnerabilities affecting fastlinemedia/customizer_export_import.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2023-1347 | P3 | HIGH | CVSS 7.2 | CWE-502 | fixed in 0.9.6 | 2023-05-08
The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.
Source: NVD
CVE-2024-7620 | P3 | MEDIUM | CVSS 6.6 | CWE-434 | fixed in 0.9.7.1 | 2024-09-07
The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_import' function in all versions up to, and including, 0.9.7. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which
Source: NVD
CVE-2022-3380 | P3 | HIGH | CVSS 7.2 | CWE-502 | fixed in 0.9.5 | 2022-10-31
The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
Source: NVD