Vulnerabilities (CVE)

Filtered by vendor Themeisle Subscribe
Filtered by product Otter
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-2288 1 Themeisle 1 Otter 2023-12-10 N/A 8.8 HIGH
The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP < 8.0 using the phar:// stream wrapper.