CVE-2022-3357

CVE-2022-3357: Smart Slider 3 < 3.5.1.11 - PHP Object Injection

Vendor Unknown

Product Smart Slider 3

Weakness CWE-502 · Unsafe deserialization

Published October 31, 2022

Last update May 6, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user import (intentionally or not) a malicious file, and a suitable gadget chain is present on the site.

Key dates

02Disclosure timeline

October 31, 2022 CVE published

May 6, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-3357 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

04Related CVE

CVE-2026-26215 manga-image-translator Shared API Unsafe Deserialization RCE CVE-2022-2830 Deserialization of Untrusted Data in GravityZone Console On-Premise (VA-10573) CVE-2025-59050 Greenshot — Insecure .NET deserialization via WM_COPYDATA enables local code execution CVE-2020-7385 Metasploit Framework 'drb_remote_codeexec' code execution CVE-2025-60215 WordPress Kriya theme <= 3.4 - PHP Object Injection Vulnerability