Category Order and Taxonomy Terms Order <= 1.5.2.2 - Authenticated PHP Object Injection
Description
The plugin's AJAX handler that saves the term order passes a user-supplied request parameter straight to unserialize(). An authenticated user can therefore submit a crafted PHP-serialized string and have the WordPress process instantiate arbitrary objects of any class it has loaded (PHP object injection, CWE-502). Magic methods such as __wakeup() and __destruct() on those objects run during or after deserialization, so the impact depends on the gadget classes available in the installed plugins, themes and core; with a suitable chain this reaches file write or code execution.
Proof of Concept
As an authenticated user, send a POST request to "URL/wp-admin/admin-ajax.php" with the parameters "action=update-taxonomy-order&order=SERIALIZED-OBJECT", where SERIALIZED-OBJECT is a PHP-serialized object string (for example one beginning with O:).
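The following stand-alone PHP script is an added illustration of the vulnerability class described above; it is not the plugin's code, and the class and function names (LogWriter, vulnerable_update_order, hardened_update_order, unserialize_no_objects) are hypothetical. It shows the unsafe handler shape, that a serialized payload in the "order" parameter instantiates an attacker-chosen object whose __destruct() fires, and two defensive alternatives: parsing the parameter as the plain list of term IDs the feature actually needs, and, where a serialized format cannot be avoided, calling unserialize() with allowed_classes set to false so no object is ever instantiated. The payload and the benign input are constructed for the demonstration.

```php
<?php
// Added illustration (not the plugin's code): the unsafe pattern behind CWE-502
// in an AJAX save handler, beside two hardened forms. All names are hypothetical.

// Harmless stand-in for a gadget class that happens to be loaded. Any class with
// a magic method runs code when an attacker-chosen object is unserialized.
class LogWriter {
    public $path;
    public $data;
    public function __destruct() {
        // A real gadget might do file_put_contents($this->path, $this->data) here.
        echo "LogWriter::__destruct() would write to {$this->path}\n";
    }
}

// Vulnerable pattern: the request parameter goes straight into unserialize(),
// so the attacker controls the type and every property of the result.
function vulnerable_update_order(array $request) {
    return unserialize($request['order']);
}

// Hardened pattern: never deserialize untrusted data. The handler only needs a
// list of term IDs, so require exactly that shape and discard anything else.
function hardened_update_order(array $request) {
    if (!isset($request['order']) || !is_string($request['order'])) {
        return null;
    }
    $ids = array_map('intval', explode(',', $request['order']));
    $ids = array_filter($ids, function ($id) { return $id > 0; });
    return array_values($ids);
}

// Fallback if a serialized format truly cannot be avoided (PHP >= 7.0): forbid
// object instantiation. Scalars and arrays still decode; objects become
// __PHP_Incomplete_Class, whose magic methods do not run.
function unserialize_no_objects(string $payload) {
    return unserialize($payload, ['allowed_classes' => false]);
}

// Constructed inputs: what an attacker, and a normal user, would send as order=...
$malicious = 'O:9:"LogWriter":2:{s:4:"path";s:12:"/tmp/pwn.php";s:4:"data";s:4:"evil";}';
$benign    = '12,7,3,x,-1';

echo "--- vulnerable ---\n";
$obj = vulnerable_update_order(['order' => $malicious]);
var_dump(get_class($obj));          // string(9) "LogWriter": attacker-chosen object exists
unset($obj);                        // __destruct() fires here

echo "--- hardened ---\n";
var_dump(hardened_update_order(['order' => $benign]));     // [12, 7, 3]
var_dump(hardened_update_order(['order' => $malicious]));  // [] (no valid IDs)

echo "--- allowed_classes => false ---\n";
$inc = unserialize_no_objects($malicious);
var_dump(get_class($inc));          // "__PHP_Incomplete_Class": no magic methods run
```

In a real WordPress handler the hardened version would additionally be guarded by a nonce check (check_ajax_referer()) and a capability check (current_user_can()) before touching the request at all; those are omitted here so the script runs outside WordPress. A quick audit check for this bug class is to grep the plugin's source for unserialize( and confirm that every call site either operates on data the site itself produced or passes ['allowed_classes' => false].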

Affects Plugin

Category Order and Taxonomy Terms Order <= 1.5.2.2, fixed in version 1.5.3

References

URL https://plugins.trac.wordpress.org/changeset/1827161/taxonomy-terms-order

Classification

Type OBJECTINJECTION
OWASP Top 10 A8: Insecure Deserialization
CWE CWE-502

Miscellaneous

Submitter Karim El Ouerghemmi
Submitter Website https://ripstech.com
Views 5445
Verified No
WPVDB ID 9034

Timeline

Publicly Published 2018-02-28
Added 2018-03-02
Last Updated 2018-08-29
