Category Order and Taxonomy Terms Order <= 1.5.2.2 - Authenticated PHP Object Injection
Description
Use of unserialize() on user input in the request that saves the taxonomy term order leads to a PHP object injection vulnerability: any serialized object the client sends is instantiated server-side, so magic methods of any loaded class can run on attacker-controlled data.
Proof of Concept
Send a POST request to "URL/wp-admin/admin-ajax.php" with the parameters "action=update-taxonomy-order&order=SERIALIZED-OBJECT" (URL and SERIALIZED-OBJECT are placeholders). The request requires an authenticated user.
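The pattern the advisory describes beside a hardened form, as an added PHP illustration (this is not the plugin's own code; the handler names, the nonce action, the capability check and the "term_order" meta key are assumptions):

```php
<?php
// Added illustration, not the plugin's code. Hypothetical admin-ajax handlers
// for "action=update-taxonomy-order" showing the unsafe pattern the advisory
// describes and a hardened replacement.

// Unsafe: the client-supplied string is handed straight to unserialize(), so
// any PHP object it encodes is instantiated and its magic methods
// (__wakeup, __destruct, __toString, ...) run with attacker-chosen properties.
function unsafe_update_taxonomy_order() {
    $order = unserialize(stripslashes($_POST['order']));   // object injection
    foreach ($order as $term_id => $position) {
        update_term_meta($term_id, 'term_order', $position); // assumed meta key
    }
    wp_die();
}

// Hardened: verify capability and nonce, accept only a JSON list of term IDs,
// validate every element, and never pass client data to unserialize().
function safe_update_taxonomy_order() {
    if (!current_user_can('manage_categories')) {
        wp_send_json_error('forbidden', 403);
    }
    check_ajax_referer('update-taxonomy-order', 'nonce');   // assumed nonce action

    $raw     = isset($_POST['order']) ? wp_unslash($_POST['order']) : '';
    $decoded = json_decode($raw, true);   // assoc=true: arrays only, never objects
    if (!is_array($decoded)) {
        wp_send_json_error('invalid order payload', 400);
    }

    $position = 0;
    foreach ($decoded as $term_id) {
        $term_id = absint($term_id);
        if ($term_id === 0 || !term_exists($term_id)) {
            wp_send_json_error('invalid term id', 400);
        }
        update_term_meta($term_id, 'term_order', $position++);
    }
    wp_send_json_success();
}

// If a serialized string must still be accepted for backward compatibility,
// PHP 7's allowed_classes => false turns every object into
// __PHP_Incomplete_Class, so no magic methods run; the result is still
// validated as a plain list of integers before use.
function legacy_decode_order($raw) {
    $data = @unserialize($raw, ['allowed_classes' => false]);
    return is_array($data) ? array_map('absint', $data) : [];
}
```

Detection-wise, requests to admin-ajax.php whose "order" parameter starts with a serialized-object prefix such as "O:" are a simple indicator to alert on while unpatched installs remain.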

Affects Plugin

Fixed in version 1.5.3

References

URL https://plugins.trac.wordpress.org/changeset/1827161/taxonomy-terms-order

Classification

Type OBJECTINJECTION

Miscellaneous

Submitter Karim El Ouerghemmi
Submitter Website https://ripstech.com
Views 1529
Verified No
WPVDB ID 9034

Timeline

Publicly Published 2018-02-28
Added 2018-03-02
Last Updated 2018-08-29

Copyright & License

Copyright All data and resources contained within this page and this web site are Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.