Author: Dennis Brinkrolf
Word count: 1745
Language: English
Hacker News points: None

Summary

During vulnerability research on CiviCRM version 5.22.0, several vulnerabilities were found that, chained together, could allow remote attackers to execute arbitrary system commands on any CiviCRM instance running on WordPress, compromising the server and its data. The issues, a CSRF vulnerability and a Phar deserialization vulnerability, were reported responsibly to the vendor, who released multiple security patches to protect users. The CSRF vulnerability is fixed in CiviCRM 5.28.1 and 5.27.5 ESR; the Phar deserialization issue is fixed in 5.24.3 and 5.21.3. Users hosting a CiviCRM instance should update their installation to the latest patched version.