Description
WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more is prone to a deserialization vulnerability. Attackers can possibly exploit this issue to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions, granted a POP chain is also present. WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more version 2.9.8.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.9.8.6 or latest
References
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2437
https://plugins.svn.wordpress.org/feed-them-social/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin QIWI payment module for Woocommerce Cross-Site Scripting (0.0.9)
WordPress Plugin WOOF-Products Filter for WooCommerce Unspecified Vulnerability (1.2.6.2)
WordPress 4.0.x Prototype Pollution (4.0 - 4.0.34)
Drupal Core 4.6.x Denial of Service (4.6.0 - 4.6.10)
WordPress Plugin The Plus Addons for Elementor Cross-Site Scripting (4.1.11)