Category Order and Taxonomy Terms Order <= 1.5.2.2 - Authenticated PHP Object Injection
Description
Use of unserialize() on user input in the request that saves the term order leads to a PHP object injection vulnerability.
Proof of Concept
Send a POST request to "URL/wp-admin/admin-ajax.php" with the parameters "action=update-taxonomy-order&order=SERIALIZED-OBJECT"
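The pattern behind this advisory, shown as an added illustration rather than the plugin's own code: an admin-ajax handler that feeds the posted "order" string straight into unserialize(), beside a hardened version that never deserializes client data at all. The hook name, option key and function names (hypothetical_*) and the nonce action are assumptions made for this example; only the unserialize-on-POST pattern follows the advisory's description.

```php
<?php
// Added example, not code from the Taxonomy Terms Order plugin.
// All hypothetical_* names, the option key and the nonce action are invented.

// --- Vulnerable pattern (CWE-502) ------------------------------------------
function hypothetical_vulnerable_update_order() {
    // Whatever string the client sends is handed to unserialize(). A crafted
    // serialized object whose class is loaded and defines __wakeup()/__destruct()
    // is instantiated with attacker-chosen properties: PHP object injection.
    $order = unserialize( wp_unslash( $_POST['order'] ) );
    update_option( 'hypothetical_term_order', $order );
    wp_send_json_success();
}

// --- Hardened pattern --------------------------------------------------------
// Term order is just a list of term IDs, so accept a JSON array of
// non-negative integers and nothing else. No objects can come out of this.
function hypothetical_parse_order( $raw ) {
    $decoded = json_decode( $raw, true );
    if ( ! is_array( $decoded ) ) {
        return null;
    }
    $ids = array();
    foreach ( $decoded as $value ) {
        if ( ! is_int( $value ) || $value < 0 ) {
            return null; // reject strings, floats, nested arrays, negatives
        }
        $ids[] = $value;
    }
    return $ids;
}

function hypothetical_hardened_update_order() {
    // CSRF protection and capability check: the request must carry a valid
    // nonce and come from a user allowed to manage taxonomies.
    check_ajax_referer( 'hypothetical_term_order_nonce', 'nonce' );
    if ( ! current_user_can( 'manage_categories' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $raw = isset( $_POST['order'] ) ? wp_unslash( $_POST['order'] ) : '';
    $ids = hypothetical_parse_order( $raw );
    if ( null === $ids ) {
        wp_send_json_error( 'invalid order payload', 400 );
    }

    update_option( 'hypothetical_term_order', $ids );
    wp_send_json_success( array( 'count' => count( $ids ) ) );
}
add_action( 'wp_ajax_hypothetical_update_order', 'hypothetical_hardened_update_order' );

// If a serialized wire format cannot be replaced, PHP 7.0+ at least lets you
// refuse object instantiation; classes then surface as __PHP_Incomplete_Class
// and the result must still be validated as a plain array of ints:
//   $data = unserialize( $raw, array( 'allowed_classes' => false ) );
```

The fix in the referenced changeset addresses the deserialization; the capability and nonce checks above are the additional controls a reviewer would expect on any admin-ajax handler that writes options, since the flaw is reachable by authenticated users.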

Affects Plugin

References

URL https://plugins.trac.wordpress.org/changeset/1827161/taxonomy-terms-order

Classification

Type OBJECTINJECTION
OWASP Top 10 A8: Insecure Deserialization
CWE CWE-502

Miscellaneous

Submitter Karim El Ouerghemmi
Submitter Website https://ripstech.com
Views 7263
Verified No
WPVDB ID 9034

Timeline

Publicly Published 2018-02-28 (over 2 years ago)
Added 2018-03-02 (about 2 years ago)
Last Updated 2019-11-01 (7 months ago)
