Description
WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more is prone to a deserialization vulnerability. Attackers can possibly exploit this issue to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions, granted a POP chain is also present. WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more version 2.9.8.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.9.8.6 or latest
References
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2437
https://plugins.svn.wordpress.org/feed-them-social/trunk/readme.txt
Related Vulnerabilities
IBM WebSEAL Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-4699)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0129)
WordPress Plugin Zedna Contact form Arbitrary File Upload (1.0)
Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-15929)
WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Scripting (1.22.8)