cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-3342,https://securityvulnerability.io/vulnerability/CVE-2022-3342,PHAR Deserialization Vulnerability in Jetpack CRM Plugin for WordPress,"The Jetpack CRM plugin for WordPress has a vulnerability related to PHAR deserialization through the 'zbscrmcsvimpf' parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function. Although nonce verification is performed, failure to validate during two key steps leaves the system exposed. If an attacker uploads a crafted phar:// archive and convinces an administrator to follow a malicious link, they can exploit this vulnerability to inject objects into the execution stream.",Wordpress,"Jetpack Crm – Clients, Leads, Invoices, Billing, Email Marketing, & Automation",7.5,HIGH,0.0022799998987466097,false,,false,false,false,,false,false,2023-10-20T07:29:24.289Z,0