PT-2022-21789 · WordPress · Phlox

Nguyen Duy Quoc Khanh

·

Published

2022-12-12

·

Updated

2023-02-01

·

CVE-2022-3359

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Shortcodes and extra features for Phlox theme WordPress plugin, versions prior to 2.10.7

Description

The plugin passes the content of an imported file to unserialize(). When a user imports a malicious file, intentionally or not, and a suitable gadget chain is present on the blog (for example in another installed plugin, theme or library), this results in PHP object injection: the attacker controls which classes are instantiated and with what properties, and the impact depends on the gadget chain available.

Recommendations

Update to version 2.10.7 or later. Until the update is applied, restrict the import functionality to trusted users and only import files whose origin is known. Because the vector requires user interaction (UI:R) but no privileges on the attacker's side (PR:N), the origin of the imported file matters more than the role of the user who imports it: a privileged user can be tricked into importing a file prepared by an attacker.
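The following is an added example, not code from the Phlox plugin or this advisory. It shows the vulnerable pattern described above (unserialize() on the raw content of an imported file) next to two hardened alternatives, using a hypothetical gadget class LogFlusher to stand in for whatever gadget chain a real blog might carry. The function names, the gadget class, the temp-file target and the sample import payloads are all constructed for this demonstration.

```php
<?php
// Added illustrative example (not the Phlox plugin's code).
// Demonstrates why unserialize() on imported file contents is PHP object
// injection, and two ways to harden the import path.

// Hypothetical gadget: a class whose destructor writes attacker-controlled
// data to an attacker-controlled path. Real chains live in other plugins,
// themes or libraries present on the blog; the importer need not define them.
class LogFlusher {
    public $path;
    public $data;
    public function __destruct() {
        // Runs as soon as the unserialized object is freed.
        file_put_contents($this->path, $this->data);
    }
}

// VULNERABLE pattern: the file content is deserialized verbatim, so the
// payload decides which classes get instantiated.
function import_settings_vulnerable(string $file_contents) {
    return unserialize($file_contents);
}

// HARDENED 1: keep the serialized format but refuse to instantiate objects.
// Any object in the payload becomes __PHP_Incomplete_Class, so no
// __wakeup/__destruct gadget ever executes (PHP >= 7.0).
function import_settings_no_objects(string $file_contents) {
    $data = @unserialize($file_contents, ['allowed_classes' => false]);
    if ($data === false && $file_contents !== serialize(false)) {
        return null; // malformed input, not a legitimate "false"
    }
    return $data;
}

// HARDENED 2: use a data-only interchange format. JSON cannot carry PHP
// objects at all, so the gadget question never arises.
function import_settings_json(string $file_contents) {
    $data = json_decode($file_contents, true, 16, JSON_THROW_ON_ERROR);
    return is_array($data) ? $data : null;
}

// Constructed malicious import file: a serialized LogFlusher pointing at a
// temp path (an attacker would choose a path under the web root instead).
$target  = sys_get_temp_dir() . '/poi_demo.txt';
$payload = sprintf(
    'O:10:"LogFlusher":2:{s:4:"path";s:%d:"%s";s:4:"data";s:5:"pwned";}',
    strlen($target), $target
);

// 1. Vulnerable importer: the gadget fires and the file is written.
@unlink($target);
import_settings_vulnerable($payload); // return value discarded -> __destruct runs
echo "vulnerable importer: file written? ", file_exists($target) ? "yes" : "no", "\n";

// 2. allowed_classes => false: object is inert, nothing is written.
@unlink($target);
$inert = import_settings_no_objects($payload);
echo "allowed_classes=false: got ", get_class($inert),
     ", file written? ", file_exists($target) ? "yes" : "no", "\n";

// 3. JSON importer: the serialized payload is rejected outright, while a
//    constructed legitimate settings file still imports.
try {
    import_settings_json($payload);
    echo "json importer: accepted payload (unexpected)\n";
} catch (JsonException $e) {
    echo "json importer: rejected payload (", $e->getMessage(), ")\n";
}
$settings = import_settings_json('{"layout":"left-sidebar","color":"#336699"}');
echo "json importer: legitimate file -> ", count($settings), " settings\n";
```

When auditing an importer, the check is simple: grep for unserialize() (and any wrapper around it) on data that originates from an uploaded or pasted file, and either add allowed_classes => false or move the format to JSON. Note that allowed_classes only blocks object instantiation; the importer must still validate the resulting array before writing it into options.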

Exploit

Fix

Related Identifiers

CVE-2022-3359

Affected Products

Phlox