CVE-2022-3335

CVE-2022-3335: Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection

Vendor Unknown

Product Kadence WooCommerce Email Designer

Weakness CWE-502 · Unsafe deserialization

Published October 25, 2022

Last update May 9, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.

Key dates

02Disclosure timeline

October 25, 2022 CVE published

May 9, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-3335 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

04Related CVE

CVE-2026-39550 WordPress Aperitif theme <= 1.6 - PHP Object Injection vulnerability CVE-2023-51641 Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability CVE-2025-49655 CVE-2024-45772 Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue CVE-2025-54007 WordPress Post Grid and Gutenberg Blocks Plugin <= 2.3.11 - PHP Object Injection Vulnerability