PT-2023-11868 · WordPress · The Ultimate Reviews

Jerome Bruandet

Publicado

2023-06-07

Atualizado

2023-06-13

CVE-2020-36726

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions The Ultimate Reviews plugin for WordPress versions up to and including 2.1.32

Description The issue allows unauthenticated attackers to inject a PHP Object via deserialization of untrusted input in several vulnerable functions, as no POP chain is present in the vulnerable plugin.

Recommendations For versions up to and including 2.1.32, update to a version that contains a fix for this issue to prevent PHP Object Injection.

Exploit

Correção

Deserialization of Untrusted Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-502

Identificadores relacionados

CVE-2020-36726

Produtos afetados

The Ultimate Reviews

PT-2023-11868 · WordPress · The Ultimate Reviews

CVE-2020-36726

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5