The Shortcodes and extra features for Phlox theme WordPress plugin before 2.10.7 unserializes the content of an imported file, which could lead to PHP object injection when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Shortcodes_and_extra_features_for_phlox_theme | Averta | * | 2.10.7 (excluding) |