CVE-2022-3334

CVE-2022-3334: Easy WP SMTP < 1.5.0 - Admin+ PHP Objection Injection

Vendor Unknown
Product Easy WP SMTP
Weakness CWE-502 · Unsafe deserialization
Published October 31, 2022
Last update May 6, 2025

CVSS base score

What the vulnerability does

01Description

The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to PHP object injection issue when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.

Key dates

02Disclosure timeline

October 31, 2022 CVE published
May 6, 2025 Record updated