CVE-2022-3374

CVE-2022-3374: Ocean Extra < 2.0.5 - Admin+ PHP Objection Injection

Vendor Unknown
Product Ocean Extra
Weakness CWE-502 · Unsafe deserialization
Published October 31, 2022
Last update May 6, 2025

CVSS base score

What the vulnerability does

01Description

The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog.

Key dates

02Disclosure timeline

October 31, 2022 CVE published
May 6, 2025 Record updated