The Starter Templates by Kadence WP WordPress plugin...
High severity
Unreviewed
Published
Jan 10, 2023
to the GitHub Advisory Database
•
Updated Jan 29, 2023
Description
Published by the National Vulnerability Database
Jan 9, 2023
Published to the GitHub Advisory Database
Jan 10, 2023
Last updated
Jan 29, 2023
The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
References