Muhammed Kara

Name of the Vulnerable Software and Affected Versions: ToTop Link WordPress plugin versions 1.7.1 and earlier Description: The issue arises from the ToTop Link WordPress plugin passing base64 encoded user input to the `unserialize()` PHP function. This could potentially lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain. Recommendations: For ToTop Link WordPress plugin versions 1.7.1 and earlier, consider updating to a version that does not pass user input to the `unserialize()` function without proper validation, or temporarily restrict the use of the `unserialize()` function in the plugin until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.