WordPress Vulnerabilities

WP 6.4-6.4.1 - POP Chain

Description

WP 6.4 introduced a PHP gadget chain. While the issue is not directly exploitable, it could be used along with a PHP unserialization (for example in a plugin or theme installed on the blog) to achieve RCE

Affects WordPress

6.4.1
Fixed in WordPress 6.4.2
6.4
Fixed in WordPress 6.4.2

References

URL
https://fenrisk.com/publications/blogpost/2023/11/22/gadgets-chain-in-wordpress/

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502
CVSS
8.1 (high)

Miscellaneous

Original Researcher
Maxime Rinaudo
Verified
Yes
WPVDB ID
2afcb141-c93c-4244-bde4-bf5c9759e8a3

Timeline

Publicly Published
2023-12-06 (about 5 months ago)
Added
2023-12-07 (about 5 months ago)
Last Updated
2023-12-07 (about 5 months ago)

Other

Published
Title
Published
2017-04-27
Title
Gravitate QA Tracker <= 1.2.1 - Unauthenticated PHP Object Injection
Published
2021-01-08
Title
Modal Survey < 2.0.1.8.2 - Authenticated PHP Object Injection
Published
2023-01-04
Title
Revive Old Posts – Social Media Auto Post and Scheduling Plugin < 9.0.11 - PHP Object Injection
Published
2017-04-27
Title
SiteBuilder Dynamic Components <= 1.0 - Unauthenticated PHP Object Injection
Published
2016-06-24
Title
Welcart e-Commerce < 1.8.3 - PHP Object Injection