CVE-2015-6828

Name of the Vulnerable Software and Affected Versions SecureMoz Security Audit plugin version 1.0.5 and earlier

Description The issue concerns the tweet info function in the class/ functions.php file, which does not utilize an HTTPS session for downloading serialized data. This oversight allows man-in-the-middle attackers to modify the client-server data stream, facilitating PHP object injection attacks and enabling the execution of arbitrary PHP code.

Recommendations For SecureMoz Security Audit plugin version 1.0.5 and earlier, consider disabling the tweet info function until a patch is available to prevent potential PHP object injection attacks. Restrict access to the class/ functions.php file to minimize the risk of exploitation. Avoid using the affected function in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.