CVE-2022-4324 Information

Description

The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog.

Reference

https://wpscan.com/vulnerability/70c39236-f7ae-49bf-a2f0-7cb9aa983e45