WordPress Plugin Vulnerabilities

Row Seats Core < 2.68 - Unauthenticated PHP Object Injection

Description

The plugin row-seats insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector.

This vulnerability was patched in version 2.68, information is being released now as a disclosure period has expired.

Proof of Concept

Attack is exploitable over HTTP requests to sites with the row-seats Plugin.

Affects Plugins

Plugin icon
row-seats
Fixed in 2.68

References

URL
https://en-gb.wordpress.org/plugins/row-seats/

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502

Miscellaneous

Submitter
Robert R
Submitter website
https://pagely.com
Submitter twitter
@iamlei
Verified
No
WPVDB ID
05ddeeb1-2d43-47a2-814f-f59c44ca3bba

Timeline

Publicly Published
2017-04-27 (about 7 years ago)
Added
2017-05-21 (about 6 years ago)
Last Updated
2019-11-01 (about 4 years ago)

Other

Published
Title
Published
2024-01-03
Title
HTML5 MP3 Player with Playlist Free <= 3.0.0 - Authenticated (Author+) PHP Object Injecton
Published
2019-02-05
Title
NextGen Gallery <= 3.1.5 - Authenticated PHP Object Injection
Published
2023-12-29
Title
Theme per user < 1.0.2 - Unauthenticated PHP Object Injection
Published
2024-01-16
Title
Asgaros Forum < 2.8.0 - Unauthenticated PHP Object Injection in prepare_unread_status
Published
2019-02-15
Title
Advanced Custom Fields < 5.7.12 - Unserialize of user input